Fortinet Exam NSE7_OTS-7.2 Topic 1 Question 5 Discussion

Actual exam question for Fortinet's NSE7_OTS-7.2 exam
Question #: 5
Topic #: 1

Refer to the exhibit.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

Suggested Answer: B

Contribute your Thoughts:

Donette
2 days ago
I think the issue might be with the SubPattern filter missing the filter to match the Modbus protocol.
upvoted 0 times
...
Ricki
4 days ago
Maybe the attributes in the Group By section need to match the ones in the Filters section.
upvoted 0 times
...
Noah
23 days ago
I believe the Aggregate attribute COUNT expression is incompatible with the filters.
upvoted 0 times
...
Flo
29 days ago
I think the issue might be with the SubPattern filter missing the filter for Modbus protocol.
upvoted 0 times
...
Mary
1 month ago
Alright, alright, let's not get too carried away here. I think we've got a pretty good handle on this question, and option D does seem like the most logical answer. Now let's just hope the actual exam is a little more straightforward, huh?
upvoted 0 times
...
Dalene
2 months ago
Okay, let's start with option A. The first condition on the SubPattern filter using the OR logical operator? That doesn't sound right to me. Wouldn't that make the rule too broad?
upvoted 0 times
...
Carline
2 months ago
Option B seems like a red herring to me. Why would the attributes in the Group By section need to match the ones in the Filters section? That doesn't seem like a logical requirement for the rule to work properly.
upvoted 0 times
Eun
1 month ago
C: The first condition on the SubPattern filter must use the OR logical operator.
upvoted 0 times
...
Gracia
1 month ago
A: The Aggregate attribute COUNT expression is incompatible with the filters.
upvoted 0 times
...
Katlyn
1 month ago
B: The SubPattern is missing the filter to match the Modbus protocol.
upvoted 0 times
...
Natalya
1 month ago
A: The first condition on the SubPattern filter must use the OR logical operator.
upvoted 0 times
...
...
Anglea
2 months ago
Haha, I bet the exam writers are trying to trip us up with these options. I was also thinking D, but now I'm second-guessing myself. Maybe we're all missing something obvious?
upvoted 0 times
...
Talia
2 months ago
I agree, option D does seem like the most likely answer. If the rule is supposed to monitor Modbus traffic, but it's not triggering any incidents, then the SubPattern is probably not correctly filtering for the Modbus protocol.
upvoted 0 times
...
Eladia
2 months ago
Hmm, this question seems pretty tricky. I'm not sure I fully understand the issue with the rule configuration. Let's go through the options and see what we can figure out.
upvoted 0 times
Delsie
16 days ago
I believe option D is crucial. It mentions matching the Modbus protocol.
upvoted 0 times
...
Ahmed
22 days ago
Should we consider option C too? It talks about Aggregate attribute.
upvoted 0 times
...
Charisse
24 days ago
I think the correct option might be B. It mentions Group By and Filters section matching.
upvoted 0 times
...
Gilma
25 days ago
Let's analyze option A. It talks about using the OR logical operator.
upvoted 0 times
...
...
Nickolas
2 months ago
Hmm, this question seems a bit tricky. The issue with the rule configuration is not immediately clear to me. I'm leaning towards option D, since the question states that the rule is monitoring the Modbus protocol, but the SubPattern might be missing the filter to match it.
upvoted 0 times
...
