NEW QUESTION 23
Which FortiSIEM components are capable of performing device discovery?

NEW QUESTION 24
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

NEW QUESTION 25
If an incident’s status is Cleared, what does this mean?

NEW QUESTION 26
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters, to view events received from agents only.

NEW QUESTION 27
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

NEW QUESTION 28
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp . However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

NEW QUESTION 29
Which protocol is almost always required for the FortiSIEM GUI discovery process?

NEW QUESTION 30
Which item is required to register a FortiSIEM appliance license?

NEW QUESTION 31
What is a prerequisite for FortiSIEM Linux agent installation?

NEW QUESTION 32
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

NEW QUESTION 33
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

NEW QUESTION 34
Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

NEW QUESTION 35
What are the four possible incident status values?

NEW QUESTION 36
In the advanced analytical rules engine in FortiSIEM, multiple subpatterms can be referenced using which three operation?(Choose three.)

NEW QUESTION 37
Which process converts Raw log data to structured data?

NEW QUESTION 38
If an incident’s status is Cleared, what does this mean?

NEW QUESTION 39
What protocol can be used to collect Windows event logs in an agentless method?

NEW QUESTION 40
Refer to the exhibit.

Three events are collected over a 10-minutc time period from two servers Server A and Server B.
Based on the settings being used for the rule subpattern. how many incidents will the servers generate?

NEW QUESTION 41
Which process converts Raw log data to structured data?

NEW QUESTION 42
What are the four categories of incidents?

NEW QUESTION 43
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

NEW QUESTION 44
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

NEW QUESTION 45
Which FortiSIEM components can do performance availability and performance monitoring?