Fortinet Exam NSE7_OTS-7.2 Topic 1 Question 5 Discussion

Actual exam question for Fortinet's NSE7_OTS-7.2 exam
Question #: 5
Topic #: 1

Refer to the exhibit.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

Suggested Answer: B

Contribute your Thoughts:

Dalene
10 days ago
Okay, let's start with option A. The first condition on the SubPattern filter using the OR logical operator? That doesn't sound right to me. Wouldn't that make the rule too broad?
upvoted 0 times
Carline
11 days ago
Option B seems like a red herring to me. Why would the attributes in the Group By section need to match the ones in the Filters section? That doesn't seem like a logical requirement for the rule to work properly.
upvoted 0 times
Anglea
11 days ago
Haha, I bet the exam writers are trying to trip us up with these options. I was also thinking D, but now I'm second-guessing myself. Maybe we're all missing something obvious?
upvoted 0 times
Talia
12 days ago
I agree, option D does seem like the most likely answer. If the rule is supposed to monitor Modbus traffic, but it's not triggering any incidents, then the SubPattern is probably not correctly filtering for the Modbus protocol.
upvoted 0 times
Eladia
12 days ago
Hmm, this question seems pretty tricky. I'm not sure I fully understand the issue with the rule configuration. Let's go through the options and see what we can figure out.
upvoted 0 times
Nickolas
14 days ago
Hmm, this question seems a bit tricky. The issue with the rule configuration is not immediately clear to me. I'm leaning towards option D, since the question states that the rule is monitoring the Modbus protocol, but the SubPattern might be missing the filter to match it.
upvoted 0 times