NSE 5 – FortiSIEM 5.2 — Question 22

If a performance rule is triggered repeatedly due to high CPU use, what occurs m the incident table?

Answer options

• A. A new incident is created each time the rule is triggered and the First Seen and Last Seen times are updated.
• B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
• C. A new incident is created based on the Rule Frequency value and the First Seen and Last Seen times are updated.
• D. The Incident Count value increases and the First Seen and Last Seen times are updated.

Correct answer: A

Explanation

The correct answer is A because a new incident is created every time the performance rule is triggered, allowing for accurate tracking of each occurrence. Option B is incorrect as the status does not change to Repeated; option C misrepresents the handling of incidents based on Rule Frequency; and option D is incorrect because the Incident Count is not the primary action taken in this scenario.