NSE 5 – FortiSIEM 5.2 — Question 4

If an incident's status is Cleared, what does this mean?

Answer options

• A. Two hours have passed since the incident occurred and the incident has not reoccurred.
• B. A clear condition set on a rule was satisfied.
• C. A security rule issue has been resolved.
• D. The incident was cleared by an operator.

Correct answer: A

Explanation

The correct answer is A because it indicates that sufficient time has passed without recurrence, confirming the incident is resolved. Option B refers to rule conditions being satisfied, which does not directly relate to the incident status. Option C addresses a resolution of a security rule issue but doesn't specify the incident's status. Option D is incorrect as it suggests operator intervention rather than the time-based condition for clearance.