FCP – FortiSIEM Analyst 7.2 — Question 5

Which analytics search can be used to apply a user and entity behavior analytics (UEBA) tag to an event for a failed login by the user JSmith?

Answer options

• A. User = smith
• B. Username NOT END WITH jsmith
• C. User IS jsmith
• D. Username CONTAIN smit

Correct answer: A

Explanation

Option A is correct because it specifies the exact user 'smith' which matches the failed login event for JSmith. The other options do not correctly identify JSmith; for instance, option B excludes JSmith, option C is close but uses a different syntax, and option D partially matches but does not accurately identify the user.