Which three processes are collector processes? (Choose three.)
The collector processes are responsible for receiving, parsing, normalizing, correlating, and monitoring events from various sources. The collector processes are phParser, phRuleMaster, and phMonitorAgent.
Refer to the exhibit. Click on the calculator button.
The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database.
In the profile database, in the Hour of Day column where 9 is the value, what will be the updated minimum, maximum, and average CPU utilization values?
The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database using a weighted average formula:
New value = (Old value x Old weight) + (New value x New weight) / (Old weight + New weight)
The weight is determined by the number of days in each database. In this case, the profile database has one day of data and the daily database has one day of data, so the weight is equal for both databases. Therefore, the formula simplifies to:
New value = (Old value + New value) / 2
In the profile database, in the Hour of Day column where 9 is the value, the updated minimum, maximum, and average CPU utilization values are:
Min CPU Util = (32.31 + 32.31) / 2 = 32.31 Max CPU Util = (33.50 + 33.50) / 2 = 33.50 AVG CPU Util = (32.67 + 32.67) / 2 = 32.67
Refer to the exhibit.
An administrator deploys a new collector for the first time, and notices that all the processes except the phMonitor are down.
How can the administrator bring the processes up?
The collector processes are dependent on the registration with the supervisor. The phMonitor process is responsible for registering the collector to the supervisor and monitoring the health of other processes. After the registration is successful, the phMonitor will start the other processes on the collector.
How do customers connect to a shared multi-tenant instance on FortiSOAR?
To connect to a shared multi-tenant instance on FortiSOAR, the MSSP must install an agent node on the customer's network. The agent node acts as a proxy between the customer's devices and the FortiSOAR manager node. The agent node also performs data collection, enrichment, and normalization for the customer's data sources. Reference:Fortinet NSE 7 - Advanced Analytics 6.3 Exam Description, page 11
Refer to the exhibit.
Is the Windows agent delivering event logs correctly?
The windows agent is not delivering event logs correctly because the agent is unmanaged, meaning it is not assigned to any organization or customer. The supervisor will drop the logs silently from unmanaged agents, as they are not associated with any valid license or CMDB.