FCSS - Security Operations 7.4 Analyst

Here you have the best Fortinet FCSS_SOC_AN-7.4 practice exam questions

You have 27 total questions to study from
Each page has 5 questions, making a total of 6 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on October 30, 2025
This site is not affiliated with or endorsed by Fortinet.

Question 1 of 27

According to the National Institute of Standards and Technology (NIST) cybersecurity framework, incident handling activities can be divided into phases.
In which incident handling phase do you quarantine a compromised host in order to prevent an adversary from using it as a stepping stone to the next phase of an attack?

Containment

Recovery

Analysis

Eradication

Correct Answer: A

Question 2 of 27

Refer to the exhibit.
Exam FCSS_SOC_AN-7.4: Question 2 - Image 1

You are tasked with reviewing a new FortiAnalyzer deployment in a network with multiple registered logging devices. There is only one FortiAnalyzer in the topology.
Which potential problem do you observe?

The archive retention period is too long.

The analytics-to-archive ratio is misconfigured.

The disk space allocated is insufficient.

The analytics retention period is too long.

Correct Answer: B

Question 3 of 27

While monitoring your network, you discover that one FortiGate device is sending significantly more logs to FortiAnalyzer than all of the other FortiGate devices in the topology.
Additionally, the ADOM that the FortiGate devices are registered to consistently exceeds its quota.
What are two possible solutions? (Choose two.)

Reconfigure the first FortiGate device to reduce the number of logs it forwards to FortiAnalyzer.

Increase the storage space quota for the first FortiGate device.

Configure data selectors to filter the data sent by the first FortiGate device.

Create a separate ADOM for the first FortiGate device and configure a different set of storage policies.

Correct Answer: A, D

Question 4 of 27

Which role does a threat hunter play within a SOC?

Investigate and respond to a reported security incident

Monitor network logs to identify anomalous behavior

Collect evidence and determine the impact of a suspected attack

Search for hidden threats inside a network which may have eluded detection

Correct Answer: D

Question 5 of 27

Which two statements about the FortiAnalyzer Fabric topology are true? (Choose two.)

The supervisor uses an API to store logs, incidents, and events locally.

Downstream collectors can forward logs to Fabric members.

Logging devices must be registered to the supervisor.

Fabric members must be in analyzer mode.

Correct Answer: A, D