Question No 1

Review the incident report An attacker identified employee names, roles, and email patterns from public press releases, which were then used to craft tailored emails. The emails were directed to recipients to review an attached agenda using a link hosted off the corporate domain. Which two MITRE ATT&CK tactics best fit this report? (Choose two answers)

Choose the Choices:

Question No 2

Which three are threat hunting activities? (Choose three answers)

Choose the Choices:

Enrich records with threat intelligence.

Automate workflows.

Generate a hypothesis.

Perform packet analysis.

Tune correlation rules.

Question No 3

Refer to the exhibit.

How do you add a piece of evidence to the Action Logs Marked As Evidence area? (Choose one answer)

Choose the Choices:

By tagging output or a workspace comment with the keyword Evidence

By linking an indicator to the war room

By creating an evidence collection task and attaching a file

By executing a playbook with the Save Execution Logs option enabled

Question No 4

Refer to the exhibits.

Assume that the traffic flows are identical, except for the destination IP address. There is only one FortiGate in network address translation (NAT) mode in this environment. Based on the exhibits, which two conclusions can you make about this FortiSIEM incident? (Choose two answers)

Choose the Choices:

The client 10.200.3.219 is conducting active reconnaissance.

FortiGate is not routing the packets to the destination hosts.

The destination hosts are not responding.

FortiGate is blocking the return flows.

Question No 5

When you use a manual trigger to save user input as a variable, what is the correct Jinja expression to reference the variable? (Choose one answer)

Choose the Choices:

Practice Fortinet NSE7_SOC_AR-7.6 Exam Questions

Question No 1

Question No 2

Question No 3

Question No 4

Question No 5

NSE7_SOC_AR-7.6 Exam Features

NSE7_SOC_AR-7.6 PDF Dumps