What is a prerequisite for FortiSIEM Linux agent installation?
A. The web server must be installed on the Linux server being monitored
B. The auditd service must be installed on the Linux server being monitored
C. The Linux agent manager server must be installed.
D. Both the web server and the audit service must be installed on the Linux server being monitored
Where do you configure rule notifications and automated remediation on FortiSIEM?
A. Notification policy
B. Remediation policy
C. Notification engine
D. Remediation engine
What are two tasks that you must do to make a secondary FortiSIEM device ready for disaster recovery? (Choose two.)
A. Configure the replication of CMDB database.
B. Configure the replication of license and license entitlements.
C. Configure the replication of FortiSIEM certificates.
D. Configure the replication of profile data.
An administrator is using SNMP and WMI credentials to discover a Windows device. How will the WMI method handle this?
A. WMI method will collect only traffic and IIS logs.
B. WMI method will collect only DNS logs.
C. WMI method will collect only DHCP logs.
D. WMI method will collect security, application, and system events logs.
A customer is experiencing slow performance while executing long, ad hoc analytic searches. Which FortiSIEM component can make the searches run faster?
A. Correlation worker
B. Event worker
C. Storage worker
D. Query worker
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how many results will be displayed?
A. Seven results will be displayed.
B. Three results will be displayed.
C. Unique attribute cannot be grouped.
D. Five results will be displayed.
If an incident’s status is Cleared, what does this mean?
A. Two hours have passed since the incident occurred and the incident has not reoccurred.
B. A clear condition set on a rule was satisfied.
C. A security rule issue has been resolved.
D. The incident was cleared by an operator.
Device discovery information is stored in which database?
A. CMDB
B. Profile DB
C. Event DB
D. SVN DB
Consider the storage of anomaly baseline data that is calculated for different parameters. Which database is used for storing this data?
A. Event DB
B. Profile DB
C. SVN DB
D. CMDB
How is a subpattern for a rule defined?
A. Filters, Aggregation, Group by definitions
B. Filters, Group By definitions, Threshold
C. Filters, Threshold, Time Window definitions
D. Filters, Aggregation, Time Window definitions
An administrator wants to search for events received from Linux and Windows agents. Which attribute should the administrator use in search filters to view events received from agents only?
A. External Event Receive Protocol
B. Event Received Proto Agents
C. External Event Receive Raw Logs
D. External Event Receive Agents
Refer to the exhibit.

Which section contains the settings that determine how many incidents are created?
A. Actions
B. Group By
C. Aggregate
D. Filters