Refer to the exhibit. An administrator wants to remediate the incident from FortiSIEM shown in the exhibit. What option is available to the administrator?
Answer(s): C
The incident from FortiSIEM shown in the exhibit is a brute force attack on a FortiGate device. The remediation option available to the administrator is to run the block IP FortiOS 5.4 action, which will block the source IP address of the attacker on the FortiGate device using a firewall policy.
Refer to the exhibit. The window for this rule is 30 minutes. What is this rule tracking?
Answer(s): B
The rule is tracking the WMI response times from Windows devices using a baseline calculation. The rule will trigger an incident if the current WMI response time is greater than or equal to 1.50 times the average WMI response time in the last 30 minutes.
Which three processes are collector processes? (Choose three.)
Answer(s): B,C,E
The collector processes are responsible for receiving, parsing, normalizing, correlating, and monitoring events from various sources. The collector processes are phParser, phRuleMaster, and phMonitorAgent.
Which statement about EPS bursting is true?
FortiSIEM allows EPS bursting to handle event spikes without dropping events or violating the license agreement. EPS bursting means that FortiSIEM will let you burst up to five times the licensed EPS at any given time, provided it has accumulated enough unused EPS from previous time intervals.