FortiSIEM Deployment and Event Management Quiz

Questions and Answers

Which deployment type is best suited for a hosting type environment?

Service Provider Without Collector (correct)

Service Provider With Collector

Hybrid Deployment

None of the above

In which deployment type can overlapping IP-address ranges be used?

Service Provider Without Collector

Service Provider With Collector (correct)

Hybrid Deployment

None of the above

Where can collectors be placed in the Service Provider With Collector deployment type?

Only on the LAN

Only on the DMZ

Anywhere on the LAN, WAN, DMZ, or remote sites (correct)

Only on the WAN

What is the advantage of using collectors in the Service Provider With Collector deployment type?

Remote administration of customer devices

In which deployment type can some customers have collectors while others send logs directly to the FortiSIEM cluster?

Hybrid Deployment

What is the requirement for customers without collectors in a hybrid deployment?

Distinct IP subnet

What is automatically given to each new organization in FortiSIEM?

Organization ID

Which deployment type is the most common for service providers or very large enterprises using multi-tenancy features?

Service Provider With Collector

What is the key requirement for each customer in the Service Provider Without Collector deployment type?

Unique IP-address scheme

What is the benefit of deploying FortiSIEM in a hybrid manner?

Flexibility for different customer types

Which field in the organization creation process is optional?

Full Name

What does the Admin Email field define in the organization creation process?

Email address for the administrator user

How can an organization be defined?

By associating collectors with the organization

What does the Max Devices field define in the organization creation process?

The number of devices the organization can have in the CMDB

What is the purpose of the Total Devices Limit in the organization creation process?

To set a limit on the maximum number of devices that can be assigned to an organization

Can various fields, including the organization name, be edited after organization definition?

Yes

How are organizations without collectors defined?

By defining an IP range

Is CIDR notation supported when defining IP ranges for organizations without collectors?

No

What should be considered when defining IP ranges for organizations without collectors?

Excluding IP addresses of routers

What is the purpose of the Max Device feature?

To define the maximum number of devices an organization can have in the CMDB

Study Notes

FortiSIEM Deployment Types

• Service Provider With Collector deployment type is suitable for a hosting type environment.
• Overlapping IP-address ranges can be used in the Service Provider With Collector deployment type.

Collector Placement

• In the Service Provider With Collector deployment type, collectors can be placed with customers.

Advantages of Collectors

• The advantage of using collectors in the Service Provider With Collector deployment type is that some customers can have collectors while others send logs directly to the FortiSIEM cluster.

Hybrid Deployment

• In a hybrid deployment, some customers can have collectors while others send logs directly to the FortiSIEM cluster.
• The requirement for customers without collectors in a hybrid deployment is that they must send logs directly to the FortiSIEM cluster.

Organization Creation

• Each new organization in FortiSIEM is automatically given a unique identifier.
• The most common deployment type for service providers or very large enterprises using multi-tenancy features is the Service Provider Without Collector deployment type.
• The key requirement for each customer in the Service Provider Without Collector deployment type is that they must send logs directly to the FortiSIEM cluster.
• The benefit of deploying FortiSIEM in a hybrid manner is that it allows some customers to have collectors while others send logs directly to the FortiSIEM cluster.

Organization Definition

• The optional field in the organization creation process is the Admin Email field, which defines the administrator's email address.
• An organization can be defined by its name, among other criteria.
• The Max Devices field defines the maximum number of devices allowed in an organization.
• The purpose of the Total Devices Limit in the organization creation process is to set a limit on the total number of devices across all organizations.

Organization Editing

• Various fields, including the organization name, can be edited after organization definition.

Organizations Without Collectors

• Organizations without collectors are defined by their IP ranges, which can be specified in CIDR notation.
• IP ranges for organizations without collectors should be defined carefully to avoid conflicts.
• The purpose of the Max Device feature is to limit the number of devices in an organization.

IP Range Definition

• CIDR notation is supported when defining IP ranges for organizations without collectors.
• When defining IP ranges for organizations without collectors, it is important to consider the potential for conflicts with other organizations.

Description

Test your knowledge on deploying FortiSIEM without a collector in a hosting environment. Learn about unique IP-address schemes for each customer and how to distinguish events and incidents in the FortiSIEM cluster.