Fortinet FCSS_SOC_AN-7.4 Exam Questions

Question 6 of 27

Refer to the exhibit.
Exam FCSS_SOC_AN-7.4: Question 6 - Image 1

A SOC analyst is designing a playbook to filter for a high severity event and attach the event information to an incident.
Which local connector action must the analyst use in this scenario?

Update Asset and Identity

Update Incident

Get Events

Attach Data to Incident

Correct Answer: D

Question 7 of 27

When does FortiAnalyzer generate an event?

When a log matches a filter in a data selector

When a log matches a rule in an event handler

When a log matches an action in a connector

When a log matches a task in a playbook

Correct Answer: B

Question 8 of 27

Refer to the exhibit.
Exam FCSS_SOC_AN-7.4: Question 8 - Image 1

Which two options describe how the Update Asset and Identity Database playbook is configured? (Choose two.)

The playbook is using a FortiMail connector.

The playbook is using a FortiClient EMS connector.

The playbook is using a local connector.

The playbook is using an on-demand trigger.

Correct Answer: B, C

Question 9 of 27

When configuring a FortiAnalyzer to act as a collector device, which two steps must you perform? (Choose two.)

Configure Fabric authorization on the connecting interface.

Enable log compression.

Configure the data policy to focus on archiving.

Configure log forwarding to a FortiAnalyzer in analyzer mode.

Correct Answer: C, D

Question 10 of 27

Refer to the exhibit, which shows the partial output of the MITRE ATT&CK Enterprise matrix on FortiAnalyzer.
Exam FCSS_SOC_AN-7.4: Question 10 - Image 1

Which two statements are true? (Choose two.)

There are four techniques that fall under tactic T1071.

There are 15 events associated with the tactic.

There are four subtechniques that fall under technique T1071.

There are event handlers that cover tactic T1071.

Correct Answer: C, D