NSE5_FSM-5.2 Exam Questions - Online Test



NEW QUESTION 1
Refer to the exhibit.
NSE5_FSM-5.2 dumps exhibit
If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Eight results will be displayed
  • B. Four results will be displayed
  • C. Two results will be displayed
  • D. Unique attributes cannot be grouped

Answer: D

NEW QUESTION 2
What is the best discovery scan option for a network environment where ping is disabled on all network devices?

  • A. Smart scan
  • B. Range scan
  • C. CMDB scan
  • D. L2 scan

Answer: A

NEW QUESTION 3
To determine whether or not syslog is being received from a network device, which is the best command from the backend?

  • A. tcpdump
  • B. phDeviceTest
  • C. netcat
  • D. phSyslogRecorder

Answer: A

NEW QUESTION 4
Device discovery information is stored in which database?

  • A. CMDB
  • B. Profile DB
  • C. Event DB
  • D. SVN DB

Answer: A

NEW QUESTION 5
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. PH_DEV_MON_PROC_STOP
  • B. Postfix-Mail-Stop
  • C. Generic_SMTP_Process_Exit
  • D. PH_DEV_MON_SMTP_STOP

Answer: A

NEW QUESTION 6
What protocol can be used to collect Windows event logs in an agentless method?

  • A. SSH
  • B. SNMP
  • C. WMI
  • D. SMTP

Answer: C

NEW QUESTION 7
Which protocol is almost always required for the FortiSIEM GUI discovery process?

  • A. SNMP
  • B. WMI
  • C. Syslog
  • D. Telnet

Answer: A

NEW QUESTION 8
Refer to the exhibit.
NSE5_FSM-5.2 dumps exhibit
A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server.
Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. TELNET
  • B. WMI
  • C. LDAPS
  • D. LDAP start TLS

Answer: A

NEW QUESTION 9
Refer to the exhibit.
NSE5_FSM-5.2 dumps exhibit
What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
  • B. A yellow star indicates that a metric was applied during discovery, but data collection has not started.
  • C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
  • D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.

Answer: B

NEW QUESTION 10
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?

  • A. Profile DB
  • B. Event DB
  • C. CMDB
  • D. SVN DB

Answer: A

NEW QUESTION 11
Which FortiSIEM components are capable of performing device discovery?

  • A. FortiSIEM Windows agent
  • B. Worker
  • C. FortiSIEM Linux agent
  • D. Collector

Answer: D

NEW QUESTION 12
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. UDP 9999
  • B. UDP 162
  • C. TCP 514
  • D. UDP 514
  • E. TCP 1470

Answer: CDE

NEW QUESTION 13
If an incident’s status is Cleared, what does this mean?

  • A. Two hours have passed since the incident occurred and the incident has not reoccurred.
  • B. A clear condition set on a rule was satisfied.
  • C. A security rule issue has been resolved.
  • D. The incident was cleared by an operator.

Answer: B
