What happens to UEBA events when a user is off-net?

• A.The agent will upload the events to the Worker if it cannot upload them to a FortiSIEM collector
• B.The agent will cache events locally if it cannot upload them to a FortiSIEM collector
• C.The agent will upload the events to the Supervisor if it cannot upload them to a FortiSIEM collector
• D.The agent will drop the events if it cannot upload them to a FortiSIEM collector

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

Which statement about the rule filters events shown in the exhibit is true?

• A.The rule filters events with an event type that belong to the Domain Account Locked CMDB group or a reporting IP that belong to the Domain Controller applications group.
• B.The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a reporting |P that belong to the Domain Controller applications group.
• C.The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.
• D.The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.

Comment: *

Name: *

Email: *

Verification: *

In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?

• A.30.000
• B.10.000
• C.40.000
• D.20.000

Comment: *

Name: *

Email: *

Verification: *

What are the modes of Data Ingestion on FortiSOAR? (Choose three.)

• A.Rule based
• B.Notification based
• C.App Push
• D.Policy based
• E.Schedule based

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

Is the Windows agent delivering event logs correctly?

• A.The logs are buffered by the agent and will be sent once the status changes to managed.
• B.The agent is registered and it is sending logs correctly.
• C.The agent is not sending logs because it did not receive a monitoring template.
• D.Because the agent is unmanaged. the logs are dropped silently by the supervisor.

Comment: *

Name: *

Email: *

Verification: *