Custom Business Services and I

Questions and Answers

Which mathematical operations can FortiSIEM perform?

• COUNT, SUM, AVG, MIN, MAX, LAST, FIRST (correct)
• SUM, MIN, MAX
• COUNT, AVG, LAST
• SUM, AVG, LAST

What can you use data aggregation in FortiSIEM for?

• Viewing average temperature, CPU, and memory usage for a specified group of devices
• Determining the number of events received over a specific time interval
• Seeing which firewall reported the most events over time
• All of the above (correct)

In the example mentioned, how often are the events being polled?

• Every five minutes
• Every two minutes
• Every three minutes (correct)
• Every minute

What attributes are selected for grouping in the Display Fields section?

Host IP, Host Name, Event Type, Hardware Component Name (C)

What aggregation function expressions are used in the example?

AVG for Temperature Fahrenheit, COUNT for Matched Events (A)

What does the example search query determine?

Average temperature count values reported for fuel server systems (B)

What is the time period for which the average temperature count values are calculated in the example?

Three hours (B)

What is the purpose of data aggregation in FortiSIEM?

To summarize and calculate metrics from event data (D)

What kind of events are used in the example search query?

Temperature events (D)

What does the example search query show for each hardware component of the fuel server?

Average temperature in Fahrenheit count (A)

Which process in FortiSIEM gathers and expresses information in a summary form for statistical analysis?

Data aggregation (A)

What can you do with data aggregation in FortiSIEM?

Perform mathematical operations (B)

What is the purpose of custom Purdue-level business services in FortiSIEM?

To correlate I.T and O.T incidents (C)

How are devices classified and mapped for each Purdue level in FortiSIEM?

Based on business units (B)

What are the search operators, CMDB lookups, and business services used for in FortiSIEM?

Analytical searches (B)

Which devices are listed as Purdue level 1 devices in the example shown on the slide?

PLC1-PCN-A1 and PLC1-PCN-A2 (D)

What is the main purpose of referencing custom Purdue-level business services in analytical searches, rules, and reports in FortiSIEM?

To correlate I.T and O.T incidents (D)

What IP addresses are used to filter events in FortiSIEM?

192.168.0.10 and 192.168.0.15 (C)

What group of devices are all events coming from when filtered in FortiSIEM?

Firewall group (D)

Once business services are defined in FortiSIEM, where can they be referenced?

In analytical searches, rules, and reports (B)

Which mathematical operations can FortiSIEM perform?

COUNT, SUM, AVG, MIN, MAX, LAST, FIRST (A)

What is the purpose of data aggregation in FortiSIEM?

To display aggregated data for statistical analysis (D)

What can you use data aggregation in FortiSIEM for?

To see which firewall reported the most events over time (C)

What aggregation function expressions are used in the example?

AVG and COUNT (C)

What does the example search query determine?

The average temperature count values reported for fuel server systems (D)

What group of devices are all events coming from when filtered in FortiSIEM?

O.T devices (A)

What IP addresses are used to filter events in FortiSIEM?

Host IP (C)

What is the time period for which the average temperature count values are calculated in the example?

Three hours (B)

What attributes are selected for grouping in the Display Fields section?

Host IP, Host Name, Event Type, Hardware Component Name (D)

What does the example search query show for each hardware component of the fuel server?

The average temperature in Fahrenheit count (C)

Which FortiSIEM feature allows you to correlate I.T and O.T incidents?

Custom Business Service (D)

What is the purpose of grouping devices based on the Purdue model in FortiSIEM?

To map devices to business units (B)

What is the main benefit of using search operators, CMDB lookups, and business services in FortiSIEM?

To create custom analytical searches (D)

Which devices are listed as Purdue level 1 devices in the example shown on the slide?

PLC1-PCN-A1 (D)

What is the purpose of data aggregation in FortiSIEM?

To summarize event data for statistical analysis (B)

Which mathematical operations can FortiSIEM perform for data aggregation?

COUNT, SUM, AVG, MIN, MAX, LAST, FIRST (C)

What can you use data aggregation in FortiSIEM for?

To perform statistical analysis on event data (C)

What events are filtered in FortiSIEM based on the example search query?

Events from IP-address 192.168.0.10 OR 192.168.0.15 (C)

What is the purpose of referencing custom Purdue-level business services in analytical searches, rules, and reports in FortiSIEM?

To correlate I.T and O.T incidents (B)

What is the main benefit of using custom Purdue-level business services in FortiSIEM?

To map devices to business units (D)