Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

Home Exams Contribute Leaderboard

Home Exams Contribute Leaderboard Login

Loading questions...

info@examcademy.com

Features

Contribute Questions Leaderboard

Community

Discord

YouTube

Legal

ExamCademy is not affiliated with or endorsed by any certification providers. All trademarks are the property of their respective owners.

FCSS-SOC-AN-7-4 by Fortinet - Page 1 | ExamCademy | ExamCademy

Exams
Fortinet
FCSS-SOC-AN-7-4

FCSS-SOC-AN-7-4Preview

By Fortinet

Updated

25Q per page

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Want a break from the ads?

Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.

Go ad-free

Question 6

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Page 1 of 2 • Questions 1-25 of 27

1 2

→

Know a question that should be here? Contribute to this exam

Which three end user logs does FortiAnalyzer use to identify possible IOC compromised hosts? (Choose three.)

A Web filter logs
B Email filter logs
C DNS filter logs
D Application filter logs
E IPS logs

Refer to the exhibit.

Question Image

Assume that all devices in the FortiAnalyzer Fabric are shown in the image.
Which two statements about the FortiAnalyzer Fabric deployment are true? (Choose two.)

A FortiGate-B1 and FortiGate-B2 are in a Security Fabric.
B There is no collector in the topology.
C All FortiGate devices are directly registered to the supervisor.
D FAZ-SiteA has two ADOMs enabled.

Which two statements about the FortiAnalyzer Fabric topology are true? (Choose two.)

A The supervisor uses an API to store logs, incidents, and events locally.
B Downstream collectors can forward logs to Fabric members.
C Logging devices must be registered to the supervisor.
D Fabric members must be in analyzer mode.

Which two ways can you create an incident on FortiAnalyzer? (Choose two.)

A Using a custom event handler
B Using a connector action
C By running a playbook
D Manually, on the Event Monitor page

According to the National Institute of Standards and Technology (NIST) cybersecurity framework, incident handling activities can be divided into phases.
In which incident handling phase do you quarantine a compromised host in order to prevent an adversary from using it as a stepping stone to the next phase of an attack?

A Containment
B Recovery
C Analysis
D Eradication

Refer to the exhibit.

Question Image

You are tasked with reviewing a new FortiAnalyzer deployment in a network with multiple registered logging devices. There is only one FortiAnalyzer in the topology.
Which potential problem do you observe?

A The archive retention period is too long.
B The analytics-to-archive ratio is misconfigured.
C The disk space allocated is insufficient.
D The analytics retention period is too long.