NSE 5 - FortiSIEM 5.2 v1.0 (NSE5_FSM-5.2)

Page:    1 / 3   
Total 38 questions

Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
  • B. A yellow star indicates that a metric was applied during discovery, but data collection has not started.
  • C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
  • D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.


Answer : D

What are the four categories of incidents?

  • A. Devices, users, high risk, and low risk
  • B. Performance, availability, security, and change
  • C. Performance, devices, high risk, and low risk
  • D. Security, change, high risk, and low risk


Answer : B

Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server.
Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. TELNET
  • B. WMI
  • C. LDAPS
  • D. LDAP start TLS


Answer : B

In FortiSIEM enterprise licensing mode, if the link between the collector and the data center FortiSIEM cluster is down, what happens?

  • A. The collector drops incoming events like syslog but stops performance collection.
  • B. The collector continues performance collection of devices but stops receiving syslog.
  • C. The collector buffers events.
  • D. The collector processes stop and events are dropped.


Answer : C

Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?

  • A. Profile DB
  • B. Event DB
  • C. CMDB
  • D. SVN DB


Answer : A

What are the four possible incident status values?

  • A. Active, closed, cleared, open
  • B. Active, cleared, cleared manually, system cleared
  • C. Active, closed, manual, resolved
  • D. Active, auto cleared, manual, false positive


Answer : B

Refer to the exhibit.

An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit. However, the error message shown in the exhibit indicates that the expression is invalid. Which is the correct expression?

  • A. Matched Events COUNT ()
  • B. Matched Events (COUNT)
  • C. COUNT (Matched Events)
  • D. (COUNT) Matched Events


Answer : C

If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of summary dashboard?

  • A. Critical status is assigned because of reduction in number of packets received.
  • B. Up status is assigned because of received packets.
  • C. Degraded status is assigned because of packet loss.
  • D. Down status is assigned because of packet loss.


Answer : C

Refer to the exhibit.

The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search. Based on the selected filters shown in the exhibit, why is the search returning no results?

  • A. The wrong option is selected in the Operator column.
  • B. Parentheses are missing.
  • C. An invalid IP subnet is typed in the Value column.
  • D. The wrong boolean operator is selected in the Next column.


Answer : C

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

  • A. A new incident is created each time the rule is triggered and the First Seen and Last Seen times are updated.
  • B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
  • C. A new incident is created based on the Rule Frequency value and the First Seen and Last Seen times are updated.
  • D. The Incident Count value increases and the First Seen and Last Seen times are updated.


Answer : D
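The behaviour this question tests is that a rule firing again for the same device does not open a second incident: the existing row keeps its First Seen time, gets its Last Seen time and Incident Count updated, and only a cleared incident is followed by a new row. The following is an added toy model of that incident-table logic, written for this page; it is not FortiSIEM code, and the field names, the "Active" / "Auto Cleared" statuses it uses and the trigger stream it replays are constructed for illustration.

```python
"""Toy model of how a SIEM incident table collapses repeated rule triggers.

Added example, not FortiSIEM code. It mimics the documented behaviour that a
rule firing again for the same device increments the incident count and
updates Last Seen instead of creating a new incident. Field names, status
strings and the sample trigger stream are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Incident:
    rule: str
    host: str
    first_seen: datetime
    last_seen: datetime
    count: int = 1
    status: str = "Active"   # assumed status vocabulary: Active / Auto Cleared / Manually Cleared


class IncidentTable:
    def __init__(self):
        self.rows: list[Incident] = []

    def _active_row(self, rule, host):
        # At most one Active incident exists per (rule, host) pair.
        for row in self.rows:
            if row.rule == rule and row.host == host and row.status == "Active":
                return row
        return None

    def trigger(self, rule, host, when):
        """Rule fired for host at time `when`: aggregate or open a new incident."""
        row = self._active_row(rule, host)
        if row is None:
            # First trigger, or the previous incident was already cleared:
            # a fresh row with its own First Seen.
            row = Incident(rule, host, first_seen=when, last_seen=when)
            self.rows.append(row)
        else:
            # Repeated trigger: same incident, bump count and Last Seen only.
            row.count += 1
            row.last_seen = max(row.last_seen, when)
        return row

    def clear(self, rule, host, status="Auto Cleared"):
        """Clear the Active incident for (rule, host); returns it or None."""
        row = self._active_row(rule, host)
        if row is not None:
            row.status = status
        return row

    def active(self):
        return [r for r in self.rows if r.status == "Active"]


def demo():
    """Replay a constructed trigger stream and return the resulting table."""
    t0 = datetime(2019, 6, 1, 8, 0, 0)
    table = IncidentTable()
    # Constructed stream: "High CPU" fires four times for 10.0.0.5 and once for 10.0.0.9.
    stream = [(0, "10.0.0.5"), (5, "10.0.0.5"), (10, "10.0.0.5"),
              (10, "10.0.0.9"), (15, "10.0.0.5")]
    for minutes, host in stream:
        table.trigger("High CPU", host, t0 + timedelta(minutes=minutes))
    # Clearing the incident and triggering again opens a new row rather than
    # reviving the cleared one.
    table.clear("High CPU", "10.0.0.9")
    table.trigger("High CPU", "10.0.0.9", t0 + timedelta(minutes=20))
    return table


if __name__ == "__main__":
    for row in demo().rows:
        print(f"{row.rule:9} {row.host:9} count={row.count} "
              f"first={row.first_seen:%H:%M} last={row.last_seen:%H:%M} {row.status}")
```

Running the module prints three rows: one Active incident for 10.0.0.5 with count 4 and First Seen 08:00 / Last Seen 08:15, the Auto Cleared incident for 10.0.0.9, and the new Active row opened after it was cleared.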

What operating system is FortiSIEM based on?

  • A. CentOS
  • B. Microsoft Windows
  • C. RedHat
  • D. Ubuntu


Answer : A

To determine whether or not syslog is being received from a network device, which is the best command from the backend?

  • A. tcpdump
  • B. phDeviceTest
  • C. netcat
  • D. phSyslogRecorder


Answer : A

What is a prerequisite for FortiSIEM Linux agent installation?

  • A. The web server must be installed on the Linux server being monitored
  • B. The audit service must be installed on the Linux server being monitored
  • C. The Linux agent manager server must be installed.
  • D. Both the web server and the audit service must be installed on the Linux server being monitored


Answer : B

A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices.
Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

  • A. CMDB Reports Conditions
  • B. Data Conditions
  • C. UI Access


Answer : B

A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise.
What components should an administrator consider deploying to assist the supervisor with processing data?

  • A. Supervisor
  • B. Worker
  • C. Collector
  • D. Agent


Answer : B
