Fortinet FCSS_SOC_AN-7.4 Practice Questions & Answers

Question 6 of 27

Refer to the exhibit.
Exam FCSS_SOC_AN-7.4: Question 6 - Image 1

A SOC analyst is designing a playbook to filter for a high severity event and attach the event information to an incident.
Which local connector action must the analyst use in this scenario?

A.

Update Asset and Identity

B.

Update Incident

C.

Get Events

D.

Attach Data to Incident

Question 7 of 27

When does FortiAnalyzer generate an event?

A.

When a log matches a filter in a data selector

B.

When a log matches a rule in an event handler

C.

When a log matches an action in a connector

D.

When a log matches a task in a playbook

Question 8 of 27

Refer to the exhibit.
Exam FCSS_SOC_AN-7.4: Question 8 - Image 1

Which two options describe how the Update Asset and Identity Database playbook is configured? (Choose two.)

A.

The playbook is using a FortiMail connector.

B.

The playbook is using a FortiClient EMS connector.

C.

The playbook is using a local connector.

D.

The playbook is using an on-demand trigger.

Question 9 of 27

When configuring a FortiAnalyzer to act as a collector device, which two steps must you perform? (Choose two.)

A.

Configure Fabric authorization on the connecting interface.

B.

Enable log compression.

C.

Configure the data policy to focus on archiving.

D.

Configure log forwarding to a FortiAnalyzer in analyzer mode.

Question 10 of 27

Refer to the exhibit, which shows the partial output of the MITRE ATT&CK Enterprise matrix on FortiAnalyzer.
Exam FCSS_SOC_AN-7.4: Question 10 - Image 1

Which two statements are true? (Choose two.)

A.

There are four techniques that fall under tactic T1071.

B.

There are 15 events associated with the tactic.

C.

There are four subtechniques that fall under technique T1071.

D.

There are event handlers that cover tactic T1071.