View all questions & answers for the NSE 7 - Security Operations 7.6 Architect Materials exam


NSE 7 - Security Operations 7.6 Architect Materials-Question 22 Discussion

Refer to the exhibit. You are reviewing the Triggering Events page for a FortiSIEM incident. You want to remove the Reporting IP column because you have only one firewall in the topology. How do you accomplish this? (Choose one answer)

  • A. Clear the Reporting IP field from the Triggered Attributes section when you configure the Incident Action.
  • B. Disable correlation for the Reporting IP field in the rule subpattern.
  • C. Remove the Reporting IP attribute from the raw logs using parsing rules.
  • D. Customize the display columns for this incident.
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Anonymous User 2026-04-13 21:49:59

Selected Answers: A


It's on page 111 of the study guide, under the "Incident Handling and FortiSIEM" section, in the explanation of how to define a rule's incident action:

"Triggered Attributes: Select the attributes from the triggering events that you want to include as columns in the Dashboard and Incidents interfaces for this event."