Refer to the exhibit.
A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?
A. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
B. In the Time section, the administrator selected the Relative Last option and, in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
C. The administrator selected – in the Operator column. That is the wrong operator.
D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
Answer: C. A keyword search over the raw event log needs a substring operator such as CONTAIN; an equality operator matches only events whose entire raw message equals the typed value, so no FortiGate syslog line can match and the search returns nothing.
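To make the difference between the operators concrete, the following is an added example (not part of the original question and not Fortinet code) that models a FortiSIEM-style filter row of attribute, operator and value, joined with AND/OR and restricted to a relative "Last N Hours" window. The attribute name rawEventMsg and the sample FortiGate traffic lines are constructed assumptions; the point it demonstrates is that "=" compares the whole raw message while CONTAIN and REGEXP look inside it.

```python
"""Toy model of FortiSIEM-style analytics filters (constructed example, not Fortinet code).

A filter row is (attribute, operator, value); rows are joined by AND or OR and
evaluated only over events inside a relative time window.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    received: datetime  # when the collector received the syslog message
    raw: str            # raw event text as sent by the FortiGate


# Fixed "now" so the example is deterministic (constructed).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

# Constructed FortiGate-style traffic logs; not real captures.
EVENTS: List[Event] = [
    Event(NOW - timedelta(minutes=10),
          'devname="FGT-1" type="traffic" subtype="forward" srcip=10.0.0.5 '
          'dstip=203.0.113.10 proto=6 service="tcp/8443" action="accept"'),
    Event(NOW - timedelta(minutes=30),
          'devname="FGT-1" type="traffic" subtype="forward" srcip=10.0.0.7 '
          'dstip=198.51.100.53 proto=17 service="DNS" action="accept"'),
    Event(NOW - timedelta(minutes=90),
          'devname="FGT-1" type="traffic" subtype="forward" srcip=10.0.0.9 '
          'dstip=203.0.113.22 proto=6 service="tcp/22" action="deny"'),
    Event(NOW - timedelta(hours=3),
          'devname="FGT-1" type="traffic" subtype="forward" srcip=10.0.0.3 '
          'dstip=203.0.113.80 proto=6 service="tcp/443" action="accept"'),
]

# Operators modelled after the filter drop-down. "=" compares the whole attribute
# value; CONTAIN / NOT CONTAIN / REGEXP look for the value inside it.
OPERATORS: Dict[str, Callable[[str, str], bool]] = {
    "=": lambda field, value: field == value,
    "!=": lambda field, value: field != value,
    "CONTAIN": lambda field, value: value in field,
    "NOT CONTAIN": lambda field, value: value not in field,
    "REGEXP": lambda field, value: re.search(value, field) is not None,
}

Condition = Tuple[str, str, str]  # (attribute, operator, value)


def attribute_value(event: Event, attribute: str) -> str:
    """Resolve an attribute on an event. Only the raw message is modelled here;
    the attribute name is an assumption, not a verified schema name."""
    if attribute == "rawEventMsg":
        return event.raw
    raise KeyError(f"unknown attribute {attribute!r}")


def in_relative_window(event: Event, last_hours: int, now: datetime = NOW) -> bool:
    """Relative 'Last N Hours' time selector."""
    return now - timedelta(hours=last_hours) <= event.received <= now


def search(events: List[Event], conditions: List[Condition], last_hours: int,
           join: str = "AND", now: datetime = NOW) -> List[Event]:
    """Return the events inside the window that satisfy the filter rows."""
    if join not in ("AND", "OR"):
        raise ValueError(f"join must be AND or OR, got {join!r}")
    combine = all if join == "AND" else any
    hits: List[Event] = []
    for ev in events:
        if not in_relative_window(ev, last_hours, now):
            continue
        results = [OPERATORS[op](attribute_value(ev, attr), value)
                   for attr, op, value in conditions]
        if combine(results):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    # The administrator's filter: equality on the raw message returns nothing.
    print("= tcp, last 2h:      ", len(search(EVENTS, [("rawEventMsg", "=", "tcp")], 2)))
    # The intended filter: substring match finds the TCP traffic lines.
    print("CONTAIN tcp, last 2h:", len(search(EVENTS, [("rawEventMsg", "CONTAIN", "tcp")], 2)))
    # Widening the window (option B) only adds the 3-hour-old event; it does not fix "=".
    print("= tcp, last 24h:     ", len(search(EVENTS, [("rawEventMsg", "=", "tcp")], 24)))
```

Running it shows the equality filter returning zero rows in both the 2-hour and 24-hour windows, while CONTAIN returns the two TCP events received in the last two hours; that is why option B does not help and option C is the cause.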