What is this rule tracking?
Refer to the exhibit. The window for this rule is 30 minutes. What is this rule tracking?
A. A sudden 50% increase in WMI response times over a 30-minute time window
B. A sudden 1.50 times increase in WMI response times over a 30-minute time window
C. A sudden 75%...
In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?
In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?
A. 30.000
B. 10.000
C. 40.000
D. 20.000
Answer: B
Explanation: By default, the maximum number of event files stored on the...
What option is available to the administrator?
Refer to the exhibit. An administrator wants to remediate the incident from FortiSIEM shown in the exhibit. What option is available to the administrator?
A. Quarantine IP FortiClient
B. Run the block MAC FortiOS
C. Run the block IP FortiOS 5.4
D. Run the block domain Windows DNS
Answer: C...
How can you invoke an integration policy on FortiSIEM rules?
How can you invoke an integration policy on FortiSIEM rules?
A. Through Notification Policy settings
B. Through Incident Notification settings
C. Through remediation scripts
D. Through External Authentication settings
Answer: A
Explanation: You can invoke an integration policy on FortiSIEM rules by configuring the Notification Policy settings. You can select...
Which of the following are two Tactics in the MITRE ATT&CK framework? (Choose two.)
Which of the following are two Tactics in the MITRE ATT&CK framework? (Choose two.)
A. Rootkit
B. Reconnaissance
C. Discovery
D. BITS Jobs
E. Phishing
Answer: B, C
Explanation: Reconnaissance and Discovery are two Tactics in the MITRE ATT&CK framework. Tactics are the high-level objectives of an adversary, such...
Refer to the exhibit. Click on the calculator button.
Refer to the exhibit. Click on the calculator button. Based on the information provided in the exhibit, calculate the unused events for the next three minutes for a 520 EPS license.
A. 72460
B. 73460
C. 74460
D. 71460
Answer: B
Explanation: The unused events for the next three minutes...
What are the modes of Data Ingestion on FortiSOAR? (Choose three.)
What are the modes of Data Ingestion on FortiSOAR? (Choose three.)
A. Rule based
B. Notification based
C. App Push
D. Policy based
E. Schedule based
Answer: A, B, E
Explanation: The modes of Data Ingestion on FortiSOAR are notification based, app push, and schedule based. Notification based mode allows FortiSOAR to...
How can you empower SOC by deploying FortiSOAR? (Choose three.)
How can you empower SOC by deploying FortiSOAR? (Choose three.)
A. Aggregate logs from distributed systems
B. Collaborative knowledge sharing
C. Baseline user and traffic behavior
D. Reduce human error
E. Address analyst skills gap
Answer: A, C, E
Explanation: You can empower SOC by deploying FortiSOAR in the following ways: Collaborative...
What is the disadvantage of automatic remediation?
What is the disadvantage of automatic remediation?
A. It can make a disruptive change to a user, block access to an application, or disconnect critical systems from the network.
B. It is equivalent to running an IPS in monitor-only mode ― watches but does not block.
C. External threats or...
How do customers connect to a shared multi-tenant instance on FortiSOAR?
How do customers connect to a shared multi-tenant instance on FortiSOAR?
A. The MSSP must provide secure network connectivity between the FortiSOAR manager node and the customer devices.
B. The MSSP must install a Secure Message Exchange node to connect to the customer's shared multi-tenant instance.
C. The customer must...