
Refer to the exhibit.

Consider a nested event query where both inner and outer queries are event queries.

Reporting IP is selected from the CMDB group Network Device, Event Type is selected from the CMDB group Logon Success, and Source IP is selected from the report Failed Logons to Network Devices.

An administrator is about to execute the nested query. The report time ranges must be set before execution. The Nested Time Range will be applied to which attributes?

A. The nested time range will be configured for the Reporting IP attribute.

B. The nested time range will be configured for the Reporting IP and Event Type attributes.

C. The nested time range will be configured for the Source IP attribute.

D. The nested time range will be configured for the Event Type attribute.

From where does the rule engine load the baseline data values?

A. The memory

B. The profile report

C. The profile database

D. The daily database

Refer to the exhibit.

An administrator applies the rule exception shown in the exhibit.

How does this configuration impact the incident generation for that rule?

A. Incidents will not be generated during the specified period.

B. Incidents will be generated only during the specified period.

C. Incidents will be generated without triggering an email alert during the specified period.

D. Events will not be processed by the rule during the specified period.

FortiSIEM provides all rules with the ability to automatically change an active incident status to auto-cleared, based on an extra set of defined criteria.

Why would you configure FortiSIEM to automatically change an active incident status to auto-cleared?

A. Because availability or performance-related problems may trigger a threshold temporarily.

B. Because too many active incidents can spike the resource usage on FortiSIEM.

C. Because you need a way to reduce a backlog of incident responses.

D. Because some security-related incidents occur on a temporary basis.

Which organization do agents belong to after registration? (Choose two.)

A. The Windows agents belong to the super organization.

B. The agents belong to the organization specified in the agent installation setup wizard for Windows platforms.

C. The Linux agents belong to the super local organization.

D. The agents belong to the organization specified in the command line parameters for Linux platforms.

What happens to events that the collector receives when there is a WAN link failure between the collector and the supervisor?

A. Events are buffered for up to 24 hours.

B. Events are buffered up to 10 MB before compression.

C. Events are buffered up to 10.000 logs.

D. Events are buffered up to 1 GB after compression.

Which statement about EPS bursting is true?

A. FortiSIEM will let you burst up to five times the licensed EPS at any given time, provided it has accumulated enough unused EPS.

B. FortiSIEM will let you burst up to five times the licensed EPS once during a 24-hour period.

C. FortiSIEM will let you burst up to five times the licensed EPS at any given time, regardless of unused EPS.

D. FortiSIEM must be provisioned with ten percent of the licensed EPS to handle potential event surges.