How isa subparttern for a rule defined?

• A.Filters Aggregation. Group By definition
• B.Filters Group By definitions. Threshold
• C.Filters Threshold Time Window definitions
• D.FiltersAggregation Time Window definitions

Comment: *

Name: *

Email: *

Verification: *

A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices.
Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

• A.Data Conditions
• B.CMDB Report Conditions
• C.UI Access

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

• A.TELNET
• B.WMI
• C.LDAPS
• D.LDAP start TLS

Comment: *

Name: *

Email: *

Verification: *

In FortiSIEM enterprise licensing mode, it the link between the collector and data center FortiSlEM cluster is down, what happens?

• A.The collector drops incoming events like syslog. but stops performance collection.
• B.The collector processes stop, and events ate dropped.
• C.The collector continues performance collection of devices, but slops receiving syslog.
• D.The collector buffers events

Comment: *

Name: *

Email: *

Verification: *

If FortiSIEM supervisor is deployed with the worker using the proprietary flat file database, which action is required?

• A.Collectors must be deployed
• B.An event database must be placed on NFS
• C.A FortiSIEM service provider license must be obtained
• D.A separate network interface must be used for the storage network

Comment: *

Name: *

Email: *

Verification: *