Event Handler Settings Quiz

Questions and Answers

Which section of an event handler contains the fields that must be matched up against logs in order to generate events?

• Both sections
• None of the sections
• Second section
• First section (correct)

What can be used to limit which logs will be checked for matches by the other filters in an event handler?

• Generic text filter
• Exclusion filter
• Multiple operators
• Prefilter (correct)

What is the purpose of a prefilter in an event handler?

• To generate events based on specific conditions
• To divide the event handler into two logical sections
• To add details to the events generated
• To limit which logs will be checked for matches by other filters (correct)

What type of logs will trigger an event when using generic text filters in an event handler?

Logs that match the specified regex pattern (A)

Which section of an event handler contains the details that will be added to the events generated if a match is found?

Second section (A)

What is the purpose of generic text filters in an event handler?

To generate events based on specific conditions (B)

What are the supported operators when configuring an event handler with generic text filters?

Regex and POSIX (C)

What is the purpose of a prefilter in an event handler?

To limit which logs will be checked for matches by other filters (D)

What is the purpose of generic text filters in an event handler?

To generate events based on specific conditions (D)

What are the supported operators when configuring an event handler with generic text filters?

Regex and POSIX (C)

Which of the following is an example of a valid filter expression in FortiAnalyzer?

dstip==192.168.1.168 & hostname ~ 'facebook' (D)

What is the purpose of event handlers in FortiAnalyzer?

To add custom messages to events (A)

Which of the following is NOT a notification method that can be used with event handlers in FortiAnalyzer?

Fabric connectors (A)

What does the event status 'Mitigated' indicate in FortiAnalyzer?

The security risk is mitigated by being blocked or dropped (C)

What is the purpose of exporting and importing event handlers in FortiAnalyzer?

To reuse existing event handlers across different A-doms (C)

Which of the following is NOT a possible event status in FortiAnalyzer?

Resolved (D)

What is the purpose of including event details in notifications sent by email, SNMP traps, fabric connectors, or syslog servers in FortiAnalyzer?

To see the event details without going into the logs (D)

What is required before using any of the notification methods with event handlers in FortiAnalyzer?

Setting up the back end for email notifications (A)

Which of the following is an example of an event handler configured to send notifications by email in FortiAnalyzer?

Server IP: 10.200.1.254 (A)

What should be done if a name conflict occurs during the import of event handlers in FortiAnalyzer?

FortiAnalyzer will add a time stamp to the imported handler (A)

Flashcards are hidden until you start studying