MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Refer to the exhibits.The DOS attack playbook is configured to create an incident when an event handler generates a denial-of-ser/ice (DoS) attack event.Why did the DOS attack playbook fail to execute?
Question2: Refer to the exhibits.You configured a custom event handler and an associated rule to generate events whenever FortiMail detects spam emails. However, you notice that the event handler is generating events for both spam emails and clean emails.Which change must you make in the rule so that it detects only spam emails?
Question3: Which FortiAnalyzer feature uses the SIEM database for advance log analytics and monitoring?
Question4: A customer wants FortiAnalyzer to run an automation stitch that executes a CLI command on FortiGate to block a predefined list of URLs, if a botnet command-and-control (C&C) server IP is detected.Which FortiAnalyzer feature must you use to start this automation process?
Question5: Which two ways can you create an incident on FortiAnalyzer? (Choose two.)
Question6: Refer to Exhibit:You are tasked with reviewing a new FortiAnalyzer deployment in a network with multiple registered logging devices. There is only one FortiAnalyzer in the topology.Which potential problem do you observe?
Question7: Refer to the exhibits.The Malicious File Detect playbook is configured to create an incident when an event handler generates a malicious file detection event.Why did the Malicious File Detect playbook execution fail?
Question8: Which three end user logs does FortiAnalyzer use to identify possible IOC compromised hosts? (Choose three.)
Question9: Which two playbook triggers enable the use of trigger events in later tasks as trigger variables? (Choose two.)
Question10: Exhibit:Which observation about this FortiAnalyzer Fabric deployment architecture is true?
Question11: According to the National Institute of Standards and Technology (NIST) cybersecurity framework, incident handling activities can be divided into phases.In which incident handling phase do you quarantine a compromised host in order to prevent an adversary from using it as a stepping stone to the next phase of an attack?
Question12: Which role does a threat hunter play within a SOC?
Question13: Refer to Exhibit:A SOC analyst is creating the Malicious File Detected playbook to run when FortiAnalyzer generates a malicious file event. The playbook must also update the incident with the malicious file event data.What must the next task in this playbook be?
Question14: Refer to the exhibit.You notice that the custom event handler you configured to detect SMTP reconnaissance activities is creating a large number of events. This is overwhelming your notification system.How can you fix this?
Question15: Refer to the exhibits.You configured a spearphishing event handler and the associated rule. However. FortiAnalyzer did not generate an event.When you check the FortiAnalyzer log viewer, you confirm that FortiSandbox forwarded the appropriate logs, as shown in the raw log exhibit.What configuration must you change on FortiAnalyzer in order for FortiAnalyzer to generate an event?