Refer to the exhibit.
A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server.
Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
FortiSIEM requires the WMI (Windows Management Instrumentation) protocol to collect SIEM event logs and performance and availability metrics from a Microsoft Windows server. WMI provides the necessary interface for both types of data collection, making it the appropriate choice for the given requirements.
B > Page 132
B is the Correct Answer refering to the study guide page 132 not A "Most customers use a WMI credential to collectdata from win devices... WMI is used for both SIEM events collection and collection of performance and availability metrics."