NSE 7 - Security Operations 7.6 Architect Materials-Question 48 Discussion

Refer to the exhibit. You want to configure a FortiSIEM rule that triggers when a FortiMail device reports at least 100 recipient verification failures for different email accounts in the domain acmecorp.net. What would you add or modify to accomplish this task? (Choose one answer)

  • A. Change the aggregate to COUNT (Distinct Mail Receiver) >= 100.
  • B. Add a filter for Mail Receiver => 100.
  • C. Change the status attribute filter from Status CONTAIN FAIL to Status CUSTOM EXPRESSION FAIL >= 100.
  • D. Add a filter for Mail Receiver CONTAIN acmecorp.net.
Correct Answer: A

Brave-Dump Clients Votes

A 66.67%
C 33.33%

Comments



Brave-Dumps.com Admin 2026-04-11 15:12:31

Selected Answers: C


I think C is correct, what do you think?
  • Brave-Dumps.com Admin 2026-04-15 10:31:59
    Ibrahim's comment is correct, A


Anonymous User 2026-04-13 22:40:16

Selected Answers: A


The key requirement is "for different email accounts" — meaning you need to count unique/distinct recipients, not just total events.


Brave-Dumps.com Admin 2026-04-15 10:32:06

Selected Answers: A


Ibrahim's comment is correct, A