EMT Practice Test

1. Question Content...


Question List

Question1: What is the primary goal of a Security Operations Center (SOC) when analyzing security incidents?

Question2: Which two statements about the FortiAnalyzer Fabric topology are true? (Choose two.)

Question3: Which MITRE ATT&CK tactic involves an adversary trying to maintain their foothold within a network?

Question4: Which outcome indicates successful integration of connectors in a SOC playbook?

Question5: What should be a priority when configuring playbook tasks to ensure effective SOC automation?

Question6: A customer wants FortiAnalyzer to run an automation stitch that executes a CLI command on FortiGate to block a predefined list of URLs, if a botnet command-and-control (C&C) server IP is detected.
Which FortiAnalyzer feature must you use to start this automation process?

Question7: Which three end user logs does FortiAnalyzer use to identify possible IOC compromised hosts? (Choose three.)

Question8: Which two playbook triggers enable the use of trigger events in later tasks as trigger variables? (Choose two.)

Question9: How does identifying adversary behavior benefit SOC operations in terms of incident response?

Question10: When configuring playbook triggers, what factor is essential to optimize the efficiency of automated responses?

Question11: In designing a stable FortiAnalyzer deployment, what factor is most critical?

Question12: You are tasked with configuring automation to quarantine infected endpoints.
Which two Fortinet SOC components can work together to fulfill this task?
(Choose two.)

Question13: In configuring FortiAnalyzer collectors, what should be prioritized to manage large volumes of data efficiently?

Question14: Refer to the exhibits.

The Malicious File Detect playbook is configured to create an incident when an event handler generates a malicious file detection event.
Why did the Malicious File Detect playbook execution fail?

Question15: Configuring playbook triggers correctly is crucial for which aspect of SOC automation?

Question16: During a security incident analysis, if an adversary's behavior is identified as 'Credential Dumping', it maps to which MITRE ATT&CK technique?

Question17: Refer to Exhibit:

You are tasked with reviewing a new FortiAnalyzer deployment in a network with multiple registered logging devices. There is only one FortiAnalyzer in the topology.
Which potential problem do you observe?

Question18: What is the impact of poorly configured playbook triggers in a SOC environment?

Question19: Refer to the Exhibit:

An analyst wants to create an incident and generate a report whenever FortiAnalyzer generates a malicious attachment event based on FortiSandbox analysis. The endpoint hosts are protected by FortiClient EMS integrated with FortiSandbox. All devices are logging to FortiAnalyzer.
Which connector must the analyst use in this playbook?

Question20: Which feature is most important when selecting a connector for integration into a SOC playbook?

Question21: Which elements should be included in an effective SOC report?
(Choose Three)

Question22: What is the primary role of managing playbook templates in a SOC?

Question23: Refer to the exhibit,

which shows the partial output of the MITRE ATT&CK Enterprise matrix on FortiAnalyzer.
Which two statements are true? (Choose two.)

Question24: When designing a FortiAnalyzer Fabric deployment, what is a critical consideration for ensuring high availability?

Question25: Refer to the exhibit.

Which two options describe how the Update Asset and Identity Database playbook is configured? (Choose two.)

Question26: In managing connectors within a SOC, what is a key benefit of ensuring proper integration?

Question27: Refer to the exhibits.

The DOS attack playbook is configured to create an incident when an event handler generates a denial-of-ser/ice (DoS) attack event.
Why did the DOS attack playbook fail to execute?

Question28: How do event handlers improve the efficiency of SOC operations?

Question29: Which feature should be prioritized when configuring collectors in a high-traffic network environment?

Question30: Which MITRE ATT&CK technique category involves collecting information about the environment and systems?

Question31: Which trigger type requires manual input to run a playbook?

Question32: Which two ways can you create an incident on FortiAnalyzer? (Choose two.)

Question33: How do playbook templates benefit SOC operations?

Question34: Exhibit:

Which observation about this FortiAnalyzer Fabric deployment architecture is true?

Question35: Refer to the exhibits.

The FortiMail Sender Blocklist playbook is configured to take manual input and add those entries to the FortiMail abc. com domain-level block list. The playbook is configured to use a FortiMail connector and the ADD_SENDER_TO_BLOCKLIST action.
Why is the FortiMail Sender Blocklist playbook execution failing7

Question36: What is the primary purpose of configuring playbook triggers in SOC automation?

Question37: Which configuration would enhance the efficiency of a FortiAnalyzer deployment in terms of data throughput?

Question38: What is a key consideration when designing a scalable FortiAnalyzer deployment?

Question39: What is the primary function of event handlers in a SOC operation?

Question40: Which National Institute of Standards and Technology (NIST) incident handling phase involves removing malware and persistence mechanisms from a compromised host?

Question41: When configuring a FortiAnalyzer to act as a collector device, which two steps must you perform? (Choose two.)