● FCSS Advanced Analytics 6.7 Architect Exam Materials

The Actual questions for FCSS Advanced Analytics 6.7 Architect Exam Materials (FCSS_ADA_AR-6.7) - Updated Weekly
Question #1
Comment Image Comment Image

On which disk are the SQLite databases that are used for the baselining stored? (Choose one answer)

  • A. Disk2
  • B. Disk4
  • C. Disk3
  • D. Disk1

Question #2
Comment Image Comment Image

How can you empower SOC by deploying FortiSOAR? (Choose three answers)

  • A. Aggregate logs from distributed systems
  • B. Collaborative knowledge sharing
  • C. Baseline user and traffic behavior
  • D. Reduce human error
  • E. Address analyst skills gap

Question #3
Comment Image Comment Image

Which three processes are collector processes? (Choose three answers)

  • A. phMonitorAgent
  • B. phParser
  • C. phReportMaster
  • D. phAgentManager
  • E. phRuleMaster

Question #4
Comment Image Comment Image

Which three statements about collector communication with the FortiSIEM cluster are true? (Choose three answers)

  • A. The supervisor does not initiate any connections to the collector node.
  • B. Collectors communicate periodically with the supervisor node.
  • C. The only communication between the collector and the supervisor is during the registration process.
  • D. Collectors upload event data to any node in the worker upload list, but report their health directly to the supervisor node.
  • E. The supervisor periodically checks the health of the collector.

Question #5
Comment Image Comment Image

Identify the processes associated with Machine Learning/Al on FortiSIEM. (Choose one answer)

  • A. phFortiInsightAI
  • B. phReportMaster
  • C. phRuleMaster
  • D. phAnomaly
  • E. phRuleWorker

Question #6
Comment Image Comment Image

Refer to the exhibit.

If the Z-score for this rule is greater than or equal to three, what does this mean? (Choose one answer)

  • A. The rate of firewall connection is optimum.
  • B. The rate of firewall connection is above the historical average value.
  • C. The rate of firewall connection is above the current average value.
  • D. The rate of firewall connection is below historical average value.

Question #7
Comment Image Comment Image

Refer to the exhibit.
The rule evaluates multiple VPN logon failures within a ten-minute window. Consider the following VPN failure events received within a ten-minute window: (Choose one answer)

  • A. 1
  • B. 2
  • C. 0
  • D. 3

Question #8
Comment Image Comment Image

Refer to the exhibit. Click on the calculator button.

The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database.

In the profile database, in the Hour of Day column where 9 is the value, what will be the updated minimum, maximum, and average CPU utilization values? (Choose one answer)

  • A. Min CPU Util=32.31, Max CPU Util=33.50 and AVG CPU Util=33.50
  • B. Min CPU Util=32.31, Max CPU Util=33.50 and AVG CPU Util=32.67
  • C. Min CPU Util=32.31, Max CPU Util=32.31 and AVG CPU Util=32.31
  • D. Min CPU Util=33.50, Max CPU Util=33.50 and AVG CPU Util=33.50

Question #9
Comment Image Comment Image

What are the modes of Data Ingestion on FortiSOAR? (Choose three answers)

  • A. Rule based
  • B. Notification based
  • C. App Push
  • D. Policy based
  • E. Schedule based

Question #10
Comment Image Comment Image

Which of the following are two Tactics in the MITRE ATT&CK framework? (Choose two answers)

  • A. Rootkit
  • B. Reconnaissance
  • C. Discovery
  • D. BITS Jobs
  • E. Phishing