Refer to the exhibit.

What is the collector ID?

• A.99
• B.10000
• C.50000
• D.2000

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

An administrator wants to remediate the incident from FortiSIEM shown in the exhibit.
What option is available to the administrator?

• A.Quarantine IP FortiClient
• B.Run the block domain Windows DNS
• C.Run the block MAC FortiOS
• D.Run the block IP FortiOS 5.4

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

Which statement about the rule filters events shown in the exhibit is true?

• A.The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.
• B.The rule filters events with an event type that belong to the Domain Account Locked CMDB group or a reporting IP that belong to the Domain Controller applications group.
• C.The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a reporting IP that belong to the Domain Controller applications group.
• D.The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

An administrator deploys a new collector for the first time, and notices that all the processes except the phMonitor are down.
How can the administrator bring the processes up?

• A.The administrator needs to run the command phtools --start all on the collector.
• B.Rebooting the collector will bring up the processes.
• C.The collector was not deployed properly and must be redeployed.
• D.The processes will come up after the collector is registered to the supervisor.

Comment: *

Name: *

Email: *

Verification: *

FortiSIEM rules, when triggered, can lead to which of the following actions?

• A.Requesting manual approval for every observed event?
• B.Instantly shutting down all network operations?
• C.Initiating a predefined automated response?
• D.Sending an alert to security administrators?

Comment: *

Name: *

Email: *

Verification: *