ExamGecko
Search Search Login
Home Home / Fortinet / NSE5_FSM-6.3
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is using SNMP and WMI credentials to discover a Windows device. How will the WMI method handle this?
Refer to the exhibit. A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
Where do you configure rule notifications and automated remediation on FortiSIEM?
Which command displays the Linux agent status?
What are the four possible incident status values?
Refer to the exhibit. If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?
What are the four categories of incidents?
IF the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?
Refer to the exhibit. Which value will FortiSIEM use to populate the Event Type field?

Question 10 - NSE5_FSM-6.3 discussion

Report
Export

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

A.
A now incident is created each time the rule is triggered. and the First Seen and Last Seen times are updated.
Answers
A.
A now incident is created each time the rule is triggered. and the First Seen and Last Seen times are updated.
B.
A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times ate updated.
Answers
B.
A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times ate updated.
C.
The Incident Count value increases, and the First Seen and Last Seen times update.
Answers
C.
The Incident Count value increases, and the First Seen and Last Seen times update.
D.
The incident status changes to Repeated, and the First Seen and Last Seen times are updated.
Answers
D.
The incident status changes to Repeated, and the First Seen and Last Seen times are updated.
Suggested answer: C

Explanation:

Incident Management in FortiSIEM: FortiSIEM tracks incidents and their occurrences to help administrators manage and respond to recurring issues.

Performance Rule Triggering: When a performance rule, such as one for high CPU usage, is repeatedly triggered, FortiSIEM updates the corresponding incident rather than creating a new one each time.

Incident Table Updates:

Incident Count: The Incident Count value increases each time the rule is triggered, indicating how many times the incident has occurred.

First Seen and Last Seen Times: These timestamps are updated to reflect the first occurrence and the most recent occurrence of the incident.

Reference: FortiSIEM 6.3 User Guide, Incident Management section, explains how FortiSIEM handles recurring incidents and updates the incident table accordingly.

Show Answer
asked 18/09/2024
Dennis Valencia
34 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms