NSE 8 – Network Security Expert (811) — Question 14

A legacy router has been replaced by a FortiGate device. The FortiGate has inherited the management IP address of the router and now the network administrator needs to remove the router from the FortiSIEM configuration.
Which two statements about this operation are true? (Choose two.)

Answer options

• A. FortiSIEM will move the router device into the Decommission folder.
• B. The router will be completely deleted from the FortiSIEM database.
• C. By default, FortiSIEM can only parser event logs for FortiGate devices.
• D. FortiSIEM will discover a new device for the FortiGate with the same IP.

Correct answer: A, D

Explanation

The correct answer is A and D. When decommissioning a device, FortiSIEM typically moves it to the Decommission folder rather than deleting it entirely. Additionally, FortiSIEM will recognize the new FortiGate device using the inherited IP address, allowing for continued monitoring. The other options are incorrect as they do not accurately reflect the behavior of FortiSIEM in this scenario.