
Fortinet Exam NSE7_OTS-7.2 Topic 1 Question 5 Discussion

Actual exam question for Fortinet's NSE7_OTS-7.2 exam
Question #: 5
Topic #: 1

Refer to the exhibit.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

Suggested Answer: B

Contribute your Thoughts:

Dalene
5 days ago
Okay, let's start with option A. The first condition on the SubPattern filter using the OR logical operator? That doesn't sound right to me. Wouldn't that make the rule too broad?
upvoted 0 times
...
Carline
5 days ago
Option B seems like a red herring to me. Why would the attributes in the Group By section need to match the ones in the Filters section? That doesn't seem like a logical requirement for the rule to work properly.
upvoted 0 times
...
Anglea
6 days ago
Haha, I bet the exam writers are trying to trip us up with these options. I was also thinking D, but now I'm second-guessing myself. Maybe we're all missing something obvious?
upvoted 0 times
...
Talia
7 days ago
I agree, option D does seem like the most likely answer. If the rule is supposed to monitor Modbus traffic, but it's not triggering any incidents, then the SubPattern is probably not correctly filtering for the Modbus protocol.
upvoted 0 times
...
Eladia
7 days ago
Hmm, this question seems pretty tricky. I'm not sure I fully understand the issue with the rule configuration. Let's go through the options and see what we can figure out.
upvoted 0 times
...
Nickolas
8 days ago
Hmm, this question seems a bit tricky. The issue with the rule configuration is not immediately clear to me. I'm leaning towards option D, since the question states that the rule is monitoring the Modbus protocol, but the SubPattern might be missing the filter to match it.
upvoted 0 times
...
