Fortinet NSE5-FSM-5-2 Exam Questions
Questions for the NSE5-FSM-5-2 were updated on : Jul 20 ,2024
Page 1 out of 3. Viewing questions 1-15 out of 42
Question 1
Refer to the exhibit.
A FortiSlEM administrator wants to group some attributes for a report, but is not able to do so
successfully.
As shown in the exhibit, why are some of the fields highlighted in red?
- A. The Event Receive Time attribute is not available for logs.
- B. The attribute COUNT(Matched event) is an invalid expression.
- C. Unique attributes cannot be grouped.
- D. No RAW Event Log attribute is available for devices.
Answer:
C
Question 2
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching
evaluated data?
- A. Time Window
- B. Aggregation
- C. Group By
- D. Filters
Answer:
B
Question 3
Refer to the exhibit.
How was the FortiGate device discovered by FortiSIEM?
- A. Through GUI log discovery
- B. Through syslog discovery
- C. Using the pull events method
- D. Through auto log discovery
Answer:
A
Question 4
Refer to the exhibit.
If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many
results will be displayed?
- A. Seven results will be displayed.
- B. There results will be displayed.
- C. Unique attribute cannot be grouped.
- D. Five results will be displayed.
Answer:
D
Question 5
Which two FortiSIEM components work together to provide real-time event correlation?
- A. Collector and Windows agent
- B. Supervisor and worker
- C. Worker and collector
- D. Supervisor and collector
Answer:
D
Question 6
If an incident’s status is Cleared, what does this mean?
- A. Two hours have passed since the incident occurred and the incident has not reoccurred.
- B. A clear condition set on a rule was satisfied.
- C. A security rule issue has been resolved.
- D. The incident was cleared by an operator.
Answer:
B
Question 7
Refer to the exhibit.
A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM
administrator is trying to search the raw event logs for the last two hours that contain the keyword
tcp . However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?
- A. The keyword is case sensitive Instead of typing TCP in the Value field. the administrator should type tcp.
- B. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the lime period The time period should be 24 hours.
- C. The administrator selected - in the Operator column That a the wrong operator.
- D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
Answer:
C
Question 8
Which FortiSIEM components are capable of performing device discovery?
- A. FortiSIEM Windows agent
- B. Worker
- C. FortiSIEM Linux agent
- D. Collector
Answer:
D
Question 9
Refer to the exhibit.
An administrator is trying to identify an issue using an expression bated on the Expression Builder
settings shown in the exhibit however, the error message shown in the exhibit indicates that the
expression is invalid.
Which is the correct expression?
- A. Matched Events COUNT()
- B. Matched Events(COUNT)
- C. COUNT(Matched Events)
- D. (COUNT) Matched Events
Answer:
C
Question 10
If the reported packet loss is between 50% and 98%. which status is assigned to the device in the
Availability column of summary dashboard?
- A. Down status is assigned because of packet loss.
- B. Up status is assigned because of received packets
- C. Critical status is assigned because of reduction in number of packets received
- D. Degraded status is assigned because of packet loss
Answer:
D
Question 11
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)
- A. UDP9999
- B. UDP 162
- C. TCP 514
- D. UDP 514
- E. TCP 1470
Answer:
CDE
Question 12
In the advanced analytical rules engine in FortiSIEM, multiple subpatterms can be referenced using
which three operation?(Choose three.)
- A. ELSE
- B. NOT
- C. FOLLOWED_BY
- D. OR
- E. AND
Answer:
ABE
Question 13
Device discovery information is stored in which database?
- A. CMDB
- B. Profile DB
- C. Event DB
- D. SVN DB
Answer:
A
Question 14
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped,
FortiSIEM would generate a critical event with which event type?
- A. PH_DEV_MON_PROC_STOP
- B. Postfix-Mail-Slop
- C. Generic_SMTP_Process_Exit
- D. PH_DEV_MON_SMTP_STOP
Answer:
A
Question 15
Which FortiSIEM components can do performance availability and performance monitoring?
- A. Supervisor, worker, and collector
- B. Supervisor and workers only
- C. Supervisor only
- D. Collectors only
Answer:
A