Unused Events in Event Processing Systems Quiz
20 Questions

Questions and Answers

Which node calculates the unused events and sends the value to the central decision-making engine?

  • Event entry node
  • Worker
  • Supervisor (correct)
  • Collector

What is the total incoming EPS from the three collectors in the example?

  • 175 (correct)
  • 93,600
  • 31,500
  • 71,460

What is the total unused events in the example?

  • 31,500
  • 175
  • 93,600
  • 71,460 (correct)

What is the formula to calculate the total number of allowed events for the next three-minute interval?

  • licensed EPS + unused reservoir + 10% buffer

What is the licensed EPS in the example?

  • 520

What is the total number of allowed events for the next three-minute interval in the example?

  • 191,862

When does the process of building the EPS reservoir start over for the next day?

  • Every day at midnight

What is the restriction on the number of events that can be carried over to the next day at midnight?

  • 50%

What is the EPS reservoir used for in FortiSIEM?

  • To store events during event bursts

What is the purpose of the 10% buffer in the formula to calculate the total number of allowed events?

  • To increase the number of allowed events

FortiSIEM can use events in the EPS reservoir if the system suddenly needs to process more than the license.

  • The system will automatically allocate more EPS from the reservoir

In the phoenix.log file, you can see the licensed, allowed, used, and unused (reservoir) values every three minutes.

  • On the Usage page of the FortiSIEM GUI

What does the supervisor node in FortiSIEM do?

  • It communicates EPS values to every node

What features are supported by the FortiSIEM Windows agent?

  • All features by default

What is the purpose of the auditd daemon on Linux?

  • To write audit records to the disk

What happens to the allowed events and unused reservoir values in the phoenix.log file?

  • They keep increasing

What is the supervisor node's role in FortiSIEM agent management?

  • To manage FortiSIEM Windows and Linux agents

How are logs collected by the Linux agent delivered to FortiSIEM?

  • Over HTTPS

What is the purpose of the EPS reservoir in FortiSIEM?

  • To provide additional EPS when needed

What types of nodes are there in a FortiSIEM deployment?

  • Supervisor, worker, and collector nodes
