Fortinet NSE6_FSM_AN-7.4 - Fortinet NSE 6 - FortiSIEM 7.4 Analyst Exam
Total 37 questions
Question #1 (Topic: Exam A)
Which data collection method generates the most comprehensive information for FortiSIEM user entity and behavior analytics (UEBA) models?
A. FortiSIEM Linux agent
B. Windows UEBA agent
C. Windows Sysmon
D. Linux log
Answer: B
Question #2 (Topic: Exam A)
When selecting multiple rules at once on FortiSIEM, which actions can you perform?
A. You can change the severity, activate, or deactivate multiple rules at a time.
B. You can view, edit, or activate only one rule at a time.
C. You can only activate or deactivate multiple rules at a time.
D. You can only change the severity of multiple rules at a time.
Answer: A
Question #3 (Topic: Exam A)
Refer to the exhibit.
Which event type attribute value will the FortiSIEM parser save for this event?
A. sysUpTime
B. PH_DEV_MON_SYS_UPTIME
C. phLogDetail
D. PHL_INFO
Answer: B
Question #4 (Topic: Exam A)
Refer to the exhibit.
If you group these events by the Reporting IP, Event Type, and User attributes, how many results will FortiSIEM display?
A. Five
B. Two
C. Six
D. Three
Answer: D
Question #5 (Topic: Exam A)
Refer to the exhibit.
Which two items can be referenced in the incident details when this rule is triggered and creates an incident? (Choose two.)
A. User
B. Reporting Device
C. Domain Account Lockout
D. Event Type
E. COUNT(Matched Events)
Answer: AB