● FCSS Advanced Analytics 6.7 Architect Exam Materials

Please note that the exam "FCSS Advanced Analytics 6.7 Architect Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE. It has been replaced by the exam "NSE 7 - Security Operations 7.6 Architect", so we have made it available for free viewing.

Question #21

Refer to the exhibit.

An administrator runs an analytic search for all FortiGate SSL VPN logon failures. The results are grouped by source IP, reporting IP, and user. The administrator wants to restrict the results to only those rows where the COUNT >= 3.

Which user would meet that condition? (Choose one answer)

  • A. Sarah
  • B. Jan
  • C. Tom
  • D. Admin

Question #22

Which statement about EPS bursting is true? (Choose one answer)

  • A. FortiSIEM will let you burst up to five times the licensed EPS once during a 24-hour period.
  • B. FortiSIEM must be provisioned with ten percent of the licensed EPS to handle potential event surges.
  • C. FortiSIEM will let you burst up to five times the licensed EPS at any given time, provided it has accumulated enough unused EPS.
  • D. FortiSIEM will let you burst up to five times the licensed EPS at any given time, regardless of unused EPS.

Question #23

What happens to UEBA events when a user is off-net? (Choose one answer)

  • A. The agent will upload the events to the Worker if it cannot upload them to a FortiSIEM collector
  • B. The agent will cache events locally if it cannot upload them to a FortiSIEM collector
  • C. The agent will upload the events to the Supervisor if it cannot upload them to a FortiSIEM collector
  • D. The agent will drop the events if it cannot upload them to a FortiSIEM collector

Question #24

From where does the rule engine load the baseline data values? (Choose one answer)

  • A. The profile report
  • B. The daily database
  • C. The profile database
  • D. The memory

Question #25

Which three statements about phRuleMaster are true? (Choose three answers)

  • A. phRuleMaster queues up the data being received from the phRuleWorkers into buckets.
  • B. phRuleMaster is present on the supervisor and workers.
  • C. phRuleMaster is present on the supervisor only.
  • D. phRuleMaster wakes up to evaluate all the rule data in series, every 30 seconds.
  • E. phRuleMaster wakes up to evaluate all the rule data in parallel, every 30 seconds.

Question #26

Refer to the exhibit.

The exhibit shows the output of an SQL command that an administrator ran to view the natural_id value, after logging into the Postgres database.

What does the natural_id value identify? (Choose one answer)

  • A. The supervisor
  • B. The worker
  • C. An agent
  • D. The collector

Question #27

How do customers connect to a shared multi-tenant instance on FortiSOAR? (Choose one answer)

  • A. The MSSP must provide secure network connectivity between the FortiSOAR manager node and the customer devices.
  • B. The MSSP must install a Secure Message Exchange node to connect to the customer's shared multi-tenant instance.
  • C. The customer must install a tenant node to connect to the MSSP shared multi-tenant instance.
  • D. The MSSP must install an agent node on the customer's network to connect to the customer's shared multi-tenant instance.

Question #28

Refer to the exhibit.

The service provider deployed FortiSIEM without a collector and added three customers on the supervisor.

What mistake did the administrator make? (Choose one answer)

  • A. Customer A and customer B have overlapping IP addresses.
  • B. Collectors must be deployed on all customer premises before they are added to organizations on the supervisor.
  • C. The number of workers on the FortiSIEM cluster must match the number of customers added.
  • D. At least one collector must be deployed to collect logs from service provider infrastructure devices.

Question #29

Refer to the exhibit.

Which statement about the rule filters events shown in the exhibit is true? (Choose one answer)

  • A. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group or a reporting IP that belongs to the Domain Controller applications group.
  • B. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a reporting IP that belongs to the Domain Controller applications group.
  • C. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.
  • D. The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.

Question #30

Refer to the exhibit.

Why was this incident auto cleared? (Choose one answer)

  • A. The original rule did not trigger within five minutes
  • B. Within five minutes, the packet loss percentage dropped to a level where the reporting IP is the same as the host IP
  • C. Within five minutes, the packet loss percentage dropped to a level where the reporting IP is the same as the source IP
  • D. Within five minutes, the packet loss percentage dropped to a level where the host IP of the original rule matches the host IP of the clear condition pattern