FORTISANDBOX Free Sample Questions

FortiSandbox 5.0 Administrator Practice Test
10 of 185 questions shown
Q1

A financial services company is experiencing performance degradation on their FortiSandbox 2000F appliance after enabling analysis for a new branch office, which significantly increased the volume of submitted Microsoft Office documents. The job queue is consistently high, and analysis times have tripled. The administrator has already confirmed that the hardware is not bottlenecked. Which configuration change would most effectively alleviate the high job queue and improve processing throughput for this specific file type?

Q2 (Multiple answers)

A security analyst is investigating a malware sample that successfully exfiltrated data. The FortiSandbox report provides a detailed breakdown of the malware's behavior, which is mapped to the MITRE ATT&CK framework. The report notes the following key actions:
1. The malware created a new service to run at startup.
2. The malware connected to a command-and-control server over port 443.
3. The malware captured screenshots of the user's desktop.
Which MITRE ATT&CK tactics are directly represented by these three actions? (Select THREE)

Q3

During the initial setup of a FortiSandbox appliance, an administrator configures the network interfaces, system time, and DNS settings. However, the appliance is unable to download updated guest VM images from the FortiGuard Distribution Network (FDN). The administrator has verified that the appliance has a valid license and can ping public IP addresses. What is the most likely cause of this issue?

Q4

A security architect is designing an integration between a third-party Security Orchestration, Automation, and Response (SOAR) platform and FortiSandbox. The goal is for the SOAR platform to programmatically submit suspicious files, check the analysis status, and retrieve the full PDF report upon completion. Which sequence of API calls is required to accomplish this workflow?

Q5

True or False: In a FortiSandbox High Availability (HA) cluster, the primary unit handles all file analysis, while the secondary unit only synchronizes configuration and remains in a passive state until a failover event.

Q6

A multinational corporation has deployed FortiSandbox in their central datacenter. They need to analyze malware targeting different regional offices, which use localized versions of Windows. Some malware samples are known to check for specific language packs or regional settings before executing their malicious payload. How can an administrator configure FortiSandbox to effectively analyze these region-specific threats?

Q7

An administrator is configuring a FortiGate to send files to FortiSandbox for inspection. They want to ensure that if FortiSandbox is busy or offline, the FortiGate will still allow the file to be downloaded by the user after a timeout, rather than blocking it indefinitely. Which setting on the FortiGate's AntiVirus profile achieves this behavior?

Q8

A healthcare organization is required by compliance regulations to store all malware analysis data, including detailed reports and tracer logs, for a minimum of seven years. The organization's FortiSandbox 1000F has limited onboard storage. Which solution allows the organization to meet this long-term retention requirement while integrating with their existing infrastructure?

Q9

What is the primary function of the 'Tracer Engine' within the FortiSandbox dynamic analysis environment?

Q10

A system administrator is reviewing the scan results for a submitted file and notices the verdict is 'Benign', but the report indicates several suspicious behaviors were detected, such as modifying system files and attempting to disable security software. What is the most likely reason for this discrepancy?