Download Fortinet NSE 7 -Advanced Analytics 6-3.NSE7_ADA-6.3.VCEplus.2023-11-24.18q.vcex

Vendor: Fortinet
Exam Code: NSE7_ADA-6.3
Exam Name: Fortinet NSE 7 -Advanced Analytics 6-3
Date: Nov 24, 2023
File Size: 2 MB
Downloads: 2


Demo Questions

Question 1
Which two statements about the maximum device limit on FortiSIEM are true? (Choose two.)
  1. The device limit is defined per customer, and every customer is assigned a fixed device limit by the service provider.
  2. The device limit is only applicable to enterprise edition.
  3. The device limit is based on the license type that was purchased from Fortinet.
  4. The device limit is defined for the whole system and is shared by every customer on a service provider edition.
Correct answer: BC
Explanation:
The device limit is a feature of the enterprise edition of FortiSIEM that restricts the number of devices that can be added to the system based on the license type. The device limit does not apply to the service provider edition, which allows unlimited devices per customer. The device limit is determined by the license type that was purchased from Fortinet, such as 100 devices, 500 devices, or unlimited devices.
Question 2
Refer to the exhibit.
Which statement about the rule filters events shown in the exhibit is true?
  1. The rule filters events with an event type that belong to the Domain Account Locked CMDB group or a reporting IP that belong to the Domain Controller applications group.
  2. The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a reporting IP that belong to the Domain Controller applications group.
  3. The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group. 
  4. The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.
Correct answer: B
Explanation:
The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a reporting IP that belong to the Domain Controller applications group. This means that only events that have both criteria met will be processed by this rule. The event type and reporting IP are joined by an AND operator, which requires both conditions to be true.
Question 3
Refer to the exhibit.
Why is the Windows device still in the CMDB, even though the administrator uninstalled the Windows agent?
  1. The device was not uninstalled properly 
  2. The device must be deleted from backend of FortiSIEM
  3. The device has performance jobs assigned
  4. The device must be deleted manually from the CMDB
Correct answer: D
Explanation:
The Windows device is still in the CMDB, even though the administrator uninstalled the Windows agent, because the device must be deleted manually from the CMDB. Uninstalling the Windows agent does not automatically remove the device from the CMDB, as there may be other sources of data for the device, such as SNMP or syslog. To delete the device from the CMDB, the administrator must go to CMDB > Devices > All Devices, select the device, and click Delete.
Question 4
Which syntax will register a collector to the supervisor?
  1. phProvisionCollector --add
  2. phProvisionCollector --add
  3. phProvisionCollector --add
  4. phProvisionCollector --add
Correct answer: B
Explanation:
The syntax that will register a collector to the supervisor is phProvisionCollector --add <supervisor IP>. This command will initiate the registration process between the collector and the supervisor, and exchange certificates and configuration information. The <supervisor IP> parameter is the IP address of the supervisor node. 
Question 5
What is Tactic in the MITRE ATT&CK framework?
  1. Tactic is how an attacker plans to execute the attack
  2. Tactic is what an attacker hopes to achieve
  3. Tactic is the tool that the attacker uses to compromise a system
  4. Tactic is a specific implementation of the technique
Correct answer: B
Explanation:
Tactic is what an attacker hopes to achieve in the MITRE ATT&CK framework. Tactic is a high-level category of adversary behavior that describes their objective or goal. For example, some tactics are Initial Access, Persistence, Lateral Movement, Exfiltration, etc. Each tactic consists of one or more techniques that describe how an attacker can accomplish that tactic.
Question 6
Identify the processes associated with Machine Learning/AI on FortiSIEM. (Choose two.)
  1. phFortiInsightAI
  2. phReportMaster
  3. phRuleMaster
  4. phAnomaly
  5. phRuleWorker
Correct answer: AD
Explanation:
The processes associated with Machine Learning/AI on FortiSIEM are phFortiInsightAI and phAnomaly. phFortiInsightAI is responsible for detecting anomalous user behavior using UEBA (User and Entity Behavior Analytics) techniques. phAnomaly is responsible for detecting anomalous network behavior using NTA (Network Traffic Analysis) techniques. 
Question 7
Which three statements about phRuleMaster are true? (Choose three.)
  1. phRuleMaster queues up the data being received from the phRuleWorkers into buckets.
  2. phRuleMaster is present on the supervisor and workers.
  3. phRuleMaster is present on the supervisor only
  4. phRuleMaster wakes up to evaluate all the rule data in series, every 30 seconds.
  5. phRuleMaster wakes up to evaluate all the rule data in parallel, every 30 seconds.
Correct answer: ABE
Explanation:
phRuleMaster is a process that performs rule evaluation and incident generation on FortiSIEM. phRuleMaster queues up the data being received from the phRuleWorkers into buckets based on time intervals, such as one minute, five minutes, or ten minutes. phRuleMaster is present on both the supervisor and workers nodes of a FortiSIEM cluster. phRuleMaster wakes up every 30 seconds to evaluate all the rule data in parallel using multiple threads.
Question 8
Which three processes are collector processes? (Choose three.)
  1. phAgentManager
  2. phParser
  3. phRuleMaster
  4. phReportMaster
  5. phMonitorAgent
Correct answer: BCE
Explanation:
The collector processes are responsible for receiving, parsing, normalizing, correlating, and monitoring events from various sources. The collector processes are phParser, phRuleMaster, and phMonitorAgent.
Question 9
Which statement about EPS bursting is true?
  1. FortiSIEM will let you burst up to five times the licensed EPS once during a 24-hour period.
  2. FortiSIEM must be provisioned with ten percent of the licensed EPS to handle potential event surges.
  3. FortiSIEM will let you burst up to five times the licensed EPS at any given time, provided it has accumulated enough unused EPS.
  4. FortiSIEM will let you burst up to five times the licensed EPS at any given time, regardless of unused EPS.
Correct answer: C
Explanation:
FortiSIEM allows EPS bursting to handle event spikes without dropping events or violating the license agreement. EPS bursting means that FortiSIEM will let you burst up to five times the licensed EPS at any given time, provided it has accumulated enough unused EPS from previous time intervals.
Question 10
On which disk are the SQLite databases that are used for the baselining stored?
  1. Disk1
  2. Disk4
  3. Disk2
  4. Disk3
Correct answer: D
Explanation:
The SQLite databases that are used for the baselining are stored on Disk3 of the FortiSIEM server. Disk3 is also used for storing raw event data and CMDB data.