NSE6_FSM_AN-7.4 無料問題集「Fortinet NSE 6 - FortiSIEM 7.4 Analyst」

（A）FortiSIEM license

（B）Host software versions

（C）Host login credentials

（D）ZTNA tags

（A）Watch list entries do not expire, lookup table entries have a defined lifetime.

（B）A watchlist can be updated through an API, and a lookup table cannot.

（C）A lookup table requires a parser to be able to query and interpret the data, a watchlist does not require a parser.

（D）A lookup table can have multiple columns, and a watchlist only has one.

（A）FortiSIEM updates the Incident Count value and Last Seen timestamp.

（B）FortiSIEM generates a new incident each time the rule triggers and updates all the First Seen and Last Seen timestamps.

（C）FortiSIEM changes the incident status to Repeated, and updates the Last Seen timestamp.

（D）FortiSIEM generates a new incident based on the Rule Frequency value, and updates the First Seen and Last Seen timestamps.

（A）API query

（B）LDAP query

（C）Event query

（D）CMDB query

（A）A FortiGate address group

（B）An authentication user group

（C）A watchlist

（D）A CMDB device group

（A）The Event Type refers to a CMDB lookup and should be an Event lookup.

（B）The Aggregate attribute is too restrictive.

（C）The Destination Host Name value is not fully qualified.

（D）The Group By attributes restricts which events are counted.

（A）Add the devices to a rule exclusion automation policy.

（B）Add their associated discovery credentials.

（C）Add them to the global exclusion list.

（D）Add them to a device group that is being filtered by the rules.