aiotestking uk

NSE5_FSM-5.2 Exam Questions - Online Test



Online Fortinet NSE5_FSM-5.2 free dumps demo Below:

NEW QUESTION 1
Which discovery scan type is prone to miss a device, if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?

  • A. CMDB scan
  • B. L2 scan
  • C. Range scan
  • D. Smart scan

Answer: D

NEW QUESTION 2
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters to view events received from agents only?

  • A. External Event Receive Protocol
  • B. Event Received Proto Agents
  • C. External Event Receive Raw Logs
  • D. External Event Receive Agents

Answer: A

NEW QUESTION 3
What operating system is FortiSIEM based on?

  • A. CentOS
  • B. Microsoft Windows
  • C. RedHat
  • D. Ubuntu

Answer: A

NEW QUESTION 4
Which FortiSIEM components are capable of performing device discovery?

  • A. FortiSIEM Windows agent
  • B. Worker
  • C. FortiSIEM Linux agent
  • D. Collector

Answer: D

NEW QUESTION 5
Refer to the exhibit.
NSE5_FSM-5.2 dumps exhibit
If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how many results will be displayed?

  • A. Seven results will be displayed.
  • B. Three results will be displayed.
  • C. Unique attribute cannot be grouped.
  • D. Five results will be displayed.

Answer: D

NEW QUESTION 6
Refer to the exhibit.
NSE5_FSM-5.2 dumps exhibit
A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

  • A. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
  • B. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
  • C. The administrator selected - in the Operator column. That is the wrong operator.
  • D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.

Answer: C

NEW QUESTION 7
Refer to the exhibit.
NSE5_FSM-5.2 dumps exhibit
A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. The Event Receive Time attribute is not available for logs.
  • B. The attribute COUNT(Matched event) is an invalid expression.
  • C. Unique attributes cannot be grouped.
  • D. No RAW Event Log attribute is available for devices.

Answer: C

NEW QUESTION 8
Refer to the exhibit.
NSE5_FSM-5.2 dumps exhibit
A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server.
Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. TELNET
  • B. WMI
  • C. LDAPS
  • D. LDAP start TLS

Answer: A

NEW QUESTION 9
Device discovery information is stored in which database?

  • A. CMDB
  • B. Profile DB
  • C. Event DB
  • D. SVN DB

Answer: A

NEW QUESTION 10
What is the best discovery scan option for a network environment where ping is disabled on all network devices?

  • A. Smart scan
  • B. Range scan
  • C. CMDB scan
  • D. L2 scan

Answer: A

NEW QUESTION 11
Which FortiSIEM components can perform availability and performance monitoring?

  • A. Supervisor, worker, and collector
  • B. Supervisor and workers only
  • C. Supervisor only
  • D. Collectors only

Answer: A

NEW QUESTION 12
A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?

  • A. Supervisor
  • B. Worker
  • C. Collector
  • D. Agent

Answer: B

NEW QUESTION 13
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. PH_DEV_MON_PROC_STOP
  • B. Postfix-Mail-Slop
  • C. Generic_SMTP_Process_Exit
  • D. PH_DEV_MON_SMTP_STOP

Answer: A
