NSE 5 – FortiSIEM 5.2 — Question 28

What protocol can be used to collect Windows event logs in an agentless method?

Answer options

• A. SSH
• B. SNMP
• C. WMI
• D. SMTP

Correct answer: C

Explanation

WMI (Windows Management Instrumentation) is specifically designed to allow for the management and monitoring of Windows systems, including the collection of event logs without needing an agent. SSH, SNMP, and SMTP do not provide the necessary functionality for collecting Windows event logs in an agentless manner.