What is the best discovery scan option for a network environment where ping is disabled on all network devices?

1. A. Smart scan
2. B. Range scan
3. C. CMDB scan
4. D. L2 scan

Correct Answer: A

An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

1. A. PH_DEV_MON_PROC_STOP
2. B. Postfix-Mail-Slop
3. C. Generic_SMTP_Process_Exit
4. D. PH_DEV_MON_SMTP_STOP

Correct Answer: A

What operating system is FortiSIEM based on?

1. A. Cent OS
2. B. Microsoft Windows
3. C. RedHat
4. D. Ubuntu

Correct Answer: A

Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

1. A. Matched Events COUNT()
2. B. Matched Events(COUNT)
3. C. COUNT(Matched Events)
4. D. (COUNT) Matched Events

Correct Answer: C
Expression Builder in FortiSIEM: The Expression Builder is used to create expressions for analyzing event data.
Correct Syntax: The correct syntax for counting matched events is COUNT(Matched Events).
Function: COUNT is a function that takes a parameter, in this case, 'Matched Events,' to count the number of occurrences.
Common Errors: Incorrect syntax, such as reversing the order or using parentheses improperly, can lead to invalid expressions.
References: FortiSIEM 6.3 User Guide, Expression Builder section, which explains the correct syntax and usage for creating valid expressions for event analysis.

What does the Frequency field determine on a rule?

1. A. How often the rulewill evaluate the subpattern.
2. B. How often the rule will trigger for the same condition.
3. C. How often the rule will trigger.
4. D. How often the rule will take a clear action.

Correct Answer: A
Rule Evaluation in FortiSIEM: Rules in FortiSIEM are evaluated periodically to check if the defined conditions or subpatterns are met.
Frequency Field: The Frequency field in a rule determines the interval at which the rule's subpattern will be evaluated.
Evaluation Interval: This defines how often the system will check the incoming events against the rule's subpattern to determine if an incident should be triggered.
Impact on Performance: Setting an appropriate frequency is crucial to balance between timely detection of incidents and system performance.
Examples:
If the Frequency is set to 5 minutes, the rule will evaluate the subpattern every 5 minutes.
This means that every 5 minutes, the system will check if the conditions defined in the subpattern are met by the incoming events.
References: FortiSIEM 6.3 User Guide, Rules and Incidents section, which explains the Frequency field and how it impacts the evaluation of subpatterns in rules.