* Incident Categories in FortiSIEM: Incidents in FortiSIEM are categorized to help administrators quickly identify and prioritize the type of issue.
* Four Main Categories:
  * Performance: Incidents related to the performance of devices and applications, such as high CPU usage or memory utilization.
  * Availability: Incidents affecting the availability of services or devices, such as downtime or connectivity issues.
  * Security: Incidents related to security events, such as failed login attempts, malware detection, or unauthorized access.
  * Change: Incidents triggered by changes in the configuration or state of devices, such as new software installations or configuration modifications.
* Importance of Categorization: These categories help in the efficient management and response to different types of incidents, allowing for better resource allocation and quicker resolution.
* Reference: FortiSIEM 6.3 User Guide, Incident Management section, which details the different categories of incidents and their significance.
Question 37
What is the best discovery scan option for a network environment where ping is disabled on all network devices?
Correct Answer: A
Question 38
If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?
Correct Answer: B
Question 39
Which protocol is almost always required for the FortiSIEM GUI discovery process?
Correct Answer: D
Question 40
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)
Correct Answer: C,D,E
* Syslog Ports: Syslog messages can be sent over different ports using TCP or UDP protocols.
* Common Ports for Syslog:
  * UDP 514: This is the default port for sending syslog messages over UDP.
  * TCP 514: This is the default port for sending syslog messages over TCP, providing a more reliable transmission.
  * TCP 1470: This port is often used for secure or alternative syslog transmission.
* Usage in FortiSIEM: FortiSIEM can be configured to receive syslog messages on these ports to ensure the logs are collected from various network devices.
* Reference: FortiSIEM 6.3 User Guide, Syslog Integration section, which details the supported ports for syslog transmission.