Refer to the exhibit. The rule evaluates multiple VPN logon failures within a ten-minute window. Consider the following VPN failure events received within a ten-minute window: How many incidents are generated?
Study Guide p.204
When using the "group by" & aggregate, for a hit everything must match for the counter to go up. In this case we also group by device, and every user is connecting to 2 different devices (FortiGate & FortiGate2), so the counter won't exceed 1 even though something else is matching, because every attribute needs to match together.
C: 0, because:
Aggregation condition is 2 or more.
Same reporting IP 1.1.1.1 has users Sarah (1x), John (1x), Tom (1x), so no 2 or more events
Same reporting IP 1.1.1.3 has users Tom (1x), John (1x), Sarah (1x), with no 2 or more events
As these group by conditions don't generate enough events already, no need to look at the other ones. No incident is generated.
0, because we are grouping by the reporting IP and it is different for the events; the condition is not met since there are no events with the same grouping parameters.
Trustn00ne, 8 months, 2 weeks ago
MightyPirateC, 8 months, 2 weeks ago
anitaramirezcl, 8 months, 2 weeks ago
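
The grouping behaviour the comments describe, as an added Python example that is not part of the original discussion and is not FortiSIEM code. The events are constructed from the per-IP counts quoted in the comments; the field names and the choice of group-by attributes (reporting IP, device, user) are assumptions, since the exhibit is not reproduced on this page.

```python
from collections import Counter

# Constructed sample events (assumption): one failure per user on each
# reporting device, matching the per-IP counts quoted in the comments.
EVENTS = [
    {"reporting_ip": "1.1.1.1", "device": "FortiGate",  "user": "Sarah"},
    {"reporting_ip": "1.1.1.1", "device": "FortiGate",  "user": "John"},
    {"reporting_ip": "1.1.1.1", "device": "FortiGate",  "user": "Tom"},
    {"reporting_ip": "1.1.1.3", "device": "FortiGate2", "user": "Tom"},
    {"reporting_ip": "1.1.1.3", "device": "FortiGate2", "user": "John"},
    {"reporting_ip": "1.1.1.3", "device": "FortiGate2", "user": "Sarah"},
]

THRESHOLD = 2  # "Aggregation condition is 2 or more"


def matching_groups(events, group_by, threshold=THRESHOLD):
    """Count events per unique combination of the group-by attributes and
    return only the combinations whose count reaches the threshold."""
    counts = Counter(tuple(e[field] for field in group_by) for e in events)
    return {key: n for key, n in counts.items() if n >= threshold}


def count_incidents(events, group_by, threshold=THRESHOLD):
    """One incident per group that satisfies the aggregate condition."""
    return len(matching_groups(events, group_by, threshold))


if __name__ == "__main__":
    # All attributes must match together: every group has a count of 1.
    print(count_incidents(EVENTS, ("reporting_ip", "device", "user")))
    # Dropping attributes from the group-by changes the result, which is
    # why the group-by list matters when tuning a correlation rule.
    print(count_incidents(EVENTS, ("user",)))
    print(count_incidents(EVENTS, ("reporting_ip",)))
```
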