Fortinet Exam NSE5_FSM-6.3 Topic 3 Question 20 Discussion

Actual exam question for Fortinet's NSE5_FSM-6.3 exam

Question #: 20
Topic #: 3

[All NSE5_FSM-6.3 Questions]

Where must you configure rule notifications and automated remediation on FortiSIEM?

ANotification engine

BResponse policies

CEmail and scripting alerts

DNotification policy

Show Suggested Answer

Suggested Answer: C, D, E

Advanced Analytical Rules Engine: FortiSIEM's rules engine allows for complex event correlation using multiple subpatterns.

Operations for Referencing Subpatterns:

FOLLOWED_BY: This operation is used to indicate that one event follows another within a specified time window.

OR: This logical operation allows for the inclusion of multiple subpatterns, where the rule triggers if any of the subpatterns match.

AND: This logical operation requires all referenced subpatterns to match for the rule to trigger.

Usage: These operations allow for detailed and precise event correlation, helping to detect complex patterns and incidents.

Reference: FortiSIEM 6.3 User Guide, Advanced Analytics Rules Engine section, which explains the use of different operations to reference subpatterns in rules.

by Herminia at Jan 21, 2025, 11:16 PM

Limited Time Offer

25%

Off

Get Premium NSE5_FSM-6.3 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Yen

3 days ago

I think B) Response policies is the correct answer. That's where you configure rule notifications and automated remediation on FortiSIEM.

upvoted 0 times

...

Garry

4 days ago

I'm not sure, but I think it could also be B) Response policies, as they might also play a role in configuring automated remediation.

upvoted 0 times

...

Stephaine

5 days ago

I agree with Dorethea, because notification policies are where you configure rule notifications and automated remediation on FortiSIEM.

upvoted 0 times

...

Dorethea

6 days ago

I think the answer is D) Notification policy.

upvoted 0 times

...