Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE7_OTS-7.2 Topic 1 Question 5 Discussion

Actual exam question for Fortinet's NSE7_OTS-7.2 exam
Question #: 5
Topic #: 1
[All NSE7_OTS-7.2 Questions]

Refer to the exhibit.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

Show Suggested Answer Hide Answer
Suggested Answer: B

Contribute your Thoughts:

Donette
6 months ago
Yes, that's a good point, Garry. We should double-check all the configurations to troubleshoot.
upvoted 0 times
...
Garry
6 months ago
I believe the Group By section must also be checked to ensure it matches the attributes in the Filters section.
upvoted 0 times
...
Michele
6 months ago
Part of the image is missing. To me is the OR operator missing. Probably the ot ports group contains modbus port 502. If the condition is "AND", no packet is matched because modbus port can't be present both in the source and destination port at the same time.
upvoted 1 times
...
Isadora
6 months ago
I agree with Donette. The SubPattern should be configured correctly to match the Modbus protocol.
upvoted 0 times
...
Donette
6 months ago
I think the issue might be with the SubPattern filter missing the filter to match the Modbus protocol.
upvoted 0 times
...
Ricki
6 months ago
Maybe the attributes in the Group By section need to match the ones in the Filters section.
upvoted 0 times
...
Noah
7 months ago
I believe the Aggregate attribute COUNT expression is incompatible with the filters.
upvoted 0 times
...
Flo
7 months ago
I think the issue might be with the SubPattern filter missing the filter for Modbus protocol.
upvoted 0 times
...
Mary
8 months ago
Alright, alright, let's not get too carried away here. I think we've got a pretty good handle on this question, and option D does seem like the most logical answer. Now let's just hope the actual exam is a little more straightforward, huh?
upvoted 0 times
...
Dalene
8 months ago
Okay, let's start with option A. The first condition on the SubPattern filter using the OR logical operator? That doesn't sound right to me. Wouldn't that make the rule too broad?
upvoted 0 times
...
Carline
8 months ago
Option B seems like a red herring to me. Why would the attributes in the Group By section need to match the ones in the Filters section? That doesn't seem like a logical requirement for the rule to work properly.
upvoted 0 times
Eun
8 months ago
C: The first condition on the SubPattern filter must use the OR logical operator.
upvoted 0 times
...
Gracia
8 months ago
A: The Aggregate attribute COUNT expression is incompatible with the filters.
upvoted 0 times
...
Katlyn
8 months ago
B: The SubPattern is missing the filter to match the Modbus protocol.
upvoted 0 times
...
Natalya
8 months ago
A: The first condition on the SubPattern filter must use the OR logical operator.
upvoted 0 times
...
...
Anglea
8 months ago
Haha, I bet the exam writers are trying to trip us up with these options. I was also thinking D, but now I'm second-guessing myself. Maybe we're all missing something obvious?
upvoted 0 times
...
Talia
8 months ago
I agree, option D does seem like the most likely answer. If the rule is supposed to monitor Modbus traffic, but it's not triggering any incidents, then the SubPattern is probably not correctly filtering for the Modbus protocol.
upvoted 0 times
...
Eladia
8 months ago
Hmm, this question seems pretty tricky. I'm not sure I fully understand the issue with the rule configuration. Let's go through the options and see what we can figure out.
upvoted 0 times
Delsie
7 months ago
I believe option D is crucial. It mentions matching the Modbus protocol.
upvoted 0 times
...
Ahmed
7 months ago
Should we consider option C too? It talks about Aggregate attribute.
upvoted 0 times
...
Charisse
7 months ago
I think the correct option might be B. It mentions Group By and Filters section matching.
upvoted 0 times
...
Gilma
7 months ago
Let's analyze option A. It talks about using the OR logical operator.
upvoted 0 times
...
...
Nickolas
8 months ago
Hmm, this question seems a bit tricky. The issue with the rule configuration is not immediately clear to me. I'm leaning towards option D, since the question states that the rule is monitoring the Modbus protocol, but the SubPattern might be missing the filter to match it.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77