Free FCSS – Security Operations 7.4 Analyst Exam FCSS_SOC_AN-7.4 Exam Practice Test

When configuring a FortiAnalyzer to act as a collector device, which two steps must you perform? (Choose two.)

• Enable log compression.
• Configure log forwarding to a FortiAnalyzer in analyzer mode.
• Configure the data policy to focus on archiving.
• Configure Fabric authorization on the connecting interface.

Review the following incident report:Attackers leveraged a phishing email campaign targeting your employees.The email likely impersonated a trusted source, such as the IT department, and requested login credentials.An unsuspecting employee clicked a malicious link in the email, leading to the download and execution of a Remote Access Trojan (RAT).The RAT provided the attackers with remote access and a foothold in the compromised system. Which two MITRE ATT&CK tactics does this incident report capture? (Choose two.)

• Initial Access
• Defense Evasion
• Lateral Movement
• Persistence

Your company is doing a security audit To pass the audit, you must take an inventory of all software and applications running on all Windows devicesWhich FortiAnalyzer connector must you use?

• FortiClient EMS
• ServiceNow
• FortiCASB
• Local Host

Which two ways can you create an incident on FortiAnalyzer? (Choose two.)

• Using a connector action
• Manually, on the Event Monitor page
• By running a playbook
• Using a custom event handler

According to the National Institute of Standards and Technology (NIST) cybersecurity framework, incident handling activities can be divided into phases.In which incident handling phase do you quarantine a compromised host in order to prevent an adversary from using it as a stepping stone to the next phase of an attack?

• Containment
• Analysis
• Eradication
• Recovery

Which role does a threat hunter play within a SOC?

• investigate and respond to a reported security incident
• Collect evidence and determine the impact of a suspected attack
• Search for hidden threats inside a network which may have eluded detection
• Monitor network logs to identify anomalous behavior

A customer wants FortiAnalyzer to run an automation stitch that executes a CLI command on FortiGate to block a predefined list of URLs, if a botnet command-and-control (C&C) server IP is detected.Which FortiAnalyzer feature must you use to start this automation process?

• Playbook
• Data selector
• Event handler
• Connector

Which three end user logs does FortiAnalyzer use to identify possible IOC compromised hosts? (Choose three.)

• Email filter logs
• DNS filter logs
• Application filter logs
• IPS logs
• Web filter logs

Which two types of variables can you use in playbook tasks? (Choose two.)

• input
• Output
• Create
• Trigger

When does FortiAnalyzer generate an event?

• When a log matches a filter in a data selector
• When a log matches an action in a connector
• When a log matches a rule in an event handler
• When a log matches a task in a playbook