Fortinet NSE 7 - Security Operations 7.6 Architect - NSE7_SOC_AR-7.6 FREE EXAM DUMPS QUESTIONS & ANSWERS]

Question 1

Packet captures show a host maintaining periodic TLS sessions that imitate normal HTTPS traffic but run on TCP 8443 to a single external host. An analyst flags the traffic as potential command-and-control. During the same period, the host issues frequent DNS queries with oversized TXT payloads to an attacker-controlled domain, transferring staged files.
Which two MITRE ATT&CK techniques best describe this activity? (Choose two answers)

A. Exploitation of Remote Services B. Non-Standard Port C. Hide Artifacts D. Exfiltration Over Alternative Protocol

Discussion 0

Correct Answer: B,D Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 2

Refer to the exhibits.

How is the investigation and remediation output generated on FortiSIEM? (Choose one answer)

A. By using FortiAI to summarize the incident B. By viewing the Context tab of an incident C. By running an incident report D. By exporting an incident

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 3

Refer to the exhibits.

What can you conclude from analyzing the data using the threat hunting module?

A. Spearphishing is being used to elicit sensitive information. B. DNS tunneling is being used to extract confidential data from the local network. C. FTP is being used as command-and-control (C&C) technique to mine for data. D. Reconnaissance is being used to gather victim identity information from the mail server.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 4

Which three are threat hunting activities? (Choose three answers)

A. Automate workflows. B. Generate a hypothesis. C. Enrich records with threat intelligence. D. Perform packet analysis. E. Tune correlation rules.

Discussion 0

Correct Answer: B,C,D Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 5

Refer to the exhibit.

You are reviewing the Triggering Events page for a FortiSIEM incident. You want to remove the Reporting IP column because you have only one firewall in the topology. How do you accomplish this? (Choose one answer)

A. Clear the Reporting IP field from the Triggered Attributes section when you configure the Incident Action. B. Disable correlation for the Reporting IP field in the rule subpattern. C. Customize the display columns for this incident. D. Remove the Reporting IP attribute from the raw logs using parsing rules.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 6

Which two types of variables can you use in playbook tasks? (Choose two.)

A. Output B. Trigger C. input D. Create

Discussion 0

Correct Answer: A,C Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).