ExamGecko
Search Search Login
Home Home / Fortinet / NSE5_FSM-6.3
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is using SNMP and WMI credentials to discover a Windows device. How will the WMI method handle this?
Refer to the exhibit. A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
Which command displays the Linux agent status?
What are the four possible incident status values?
Refer to the exhibit. If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
Where do you configure rule notifications and automated remediation on FortiSIEM?
What are the four categories of incidents?
IF the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?
Refer to the exhibit. Which value will FortiSIEM use to populate the Event Type field?

Question 12 - NSE5_FSM-6.3 discussion

Report
Export

Refer to the exhibits.

Three events are collected over a 10-minute time period from two servers: Server A and Server B.

Based on the settings tor the rule subpattern. how many incidents will the servers generate?

A.
Server A will generate one incident and Server B will generate one incident.
Answers
A.
Server A will generate one incident and Server B will generate one incident.
B.
Server A will generate one incident and Server B will not generate any incidents.
Answers
B.
Server A will generate one incident and Server B will not generate any incidents.
C.
Server B will generate one incident and Server A will not generate any incidents.
Answers
C.
Server B will generate one incident and Server A will not generate any incidents.
D.
Server A will not generate any incidents and Server B will not generate any incidents.
Answers
D.
Server A will not generate any incidents and Server B will not generate any incidents.
Suggested answer: D

Explanation:

Event Collection Overview: The exhibits show three events collected over a 10-minute period from two servers, Server A and Server B.

Rule Subpattern Settings: The rule subpattern specifies two conditions:

AVG(CPU Util) > DeviceToCMDBAttr(Host IP : Server CPU Util Critical Threshold): This checks if the average CPU utilization exceeds the critical threshold defined for each server.

COUNT(Matched Events) >= 2: This requires at least two matching events within the specified period.

Server A Analysis:

Events: Three events (CPU=90, CPU=90, CPU=95).

Average CPU Utilization: (90+90+95)/3 = 91.67, which exceeds the critical threshold of 90.

Matched Events Count: 3, which meets the condition of being greater than or equal to 2.

Incident Generation: Server A meets both conditions, so it generates one incident.

Server B Analysis:

Events: Three events (CPU=70, CPU=50, CPU=60).

Average CPU Utilization: (70+50+60)/3 = 60, which does not exceed the critical threshold of 90.

Matched Events Count: 3, but since the average CPU utilization condition is not met, no incident is generated.

Conclusion: Based on the rule subpattern, Server A will generate one incident, and Server B will not generate any incidents.

Reference: FortiSIEM 6.3 User Guide, Event Correlation Rules and Incident Management sections, which explain how incidents are generated based on rule subpatterns and event conditions.

Show Answer
asked 18/09/2024
Avinash Jindal
38 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms