[Jan-2022] NSE5_FSM-5.2 Exam Questions and Valid NSE5_FSM-5.2 Dumps PDF
NSE5_FSM-5.2 Brain Dump: A Study Guide with Tips & Tricks for passing Exam
NEW QUESTION 24
Refer to the exhibit.
What do the yellow stars listed in the Monitor column indicate?
- A. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
- B. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully
- C. A yellow star indicates that a metric was applied during discovery, but data collection has not started
- D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.
Answer: D
NEW QUESTION 25
Refer to the exhibit.
How was the FortiGate device discovered by FortiSIEM?
- A. Using the pull events method
- B. Through syslog discovery
- C. Through auto log discovery
- D. Through GUI log discovery
Answer: D
NEW QUESTION 26
Refer to the exhibit.
If events are grouped by Reporting IP, Event Type, and User attributes in FortiSIEM, how many results will be displayed?
- A. Three results will be displayed.
- B. Unique attribute cannot be grouped.
- C. Seven results will be displayed.
- D. Five results will be displayed.
Answer: D
NEW QUESTION 27
Which process converts Raw log data to structured data?
- A. Data parsing
- B. Data enrichment
- C. Data classification
- D. Data validation
Answer: A
NEW QUESTION 28
Which discovery scan type is prone to miss a device, if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?
- A. CMDB scan
- B. L2 scan
- C. Range scan
- D. Smart scan
Answer: D
NEW QUESTION 29
Refer to the exhibit.
If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?
- A. Eight results will be displayed
- B. Two results will be displayed
- C. Four results will be displayed
- D. Unique attributes cannot be grouped
Answer: D
NEW QUESTION 30
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
- A. Filters
- B. Group By
- C. Time Window
- D. Aggregation
Answer: D
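Worked example for questions 26, 27, 29 and 30 above. This is added illustration code, not part of the exam page and not FortiSIEM's own parser or rules engine. It shows the two pipeline steps those questions test: data parsing (raw syslog text into structured attributes) and rule-style aggregation (Filters, then Group By, then COUNT(Matched Events) against a threshold), including the refusal to group on a per-event unique attribute such as Event Receive Time. The sample log lines, the regular expression, the host-to-IP mapping and the set of "unique" attributes are all constructed for this example; the attribute names only imitate FortiSIEM's naming style.

```python
"""Toy FortiSIEM-style parse-and-aggregate pipeline (constructed example)."""
import re
from collections import Counter

# Constructed raw syslog lines (synthetic, not captured device output).
RAW_LOGS = [
    "<134>Jan 10 10:01:02 fw1 sshd[100]: Accepted password for alice from 10.0.0.5",
    "<134>Jan 10 10:01:09 fw1 sshd[101]: Failed password for bob from 10.0.0.9",
    "<134>Jan 10 10:01:15 fw2 sshd[200]: Failed password for bob from 10.0.0.9",
    "<134>Jan 10 10:01:21 fw1 sshd[102]: Failed password for bob from 10.0.0.9",
    "<134>Jan 10 10:01:30 fw2 sshd[201]: Accepted password for alice from 10.0.0.5",
]

# Assumed CMDB mapping from reporting host name to Reporting IP.
HOST_TO_IP = {"fw1": "10.1.1.1", "fw2": "10.1.1.2"}

# Attributes that are unique per event and therefore cannot be a Group By key
# (the condition behind "Unique attributes cannot be grouped" in Q29).
UNIQUE_ATTRS = {"eventReceiveTime", "rawEventMsg"}

# Parser for the constructed SSH login lines; anything else is "unparsed".
LINE_RE = re.compile(
    r"<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>\w+)\[\d+\]: (?P<outcome>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_event(raw, reporting_ip, receive_time):
    """Data parsing step: one raw line -> structured event dict.

    Returns None when the line does not match the parser, which is what a
    SIEM does when no parser claims a log (it lands in a generic bucket)."""
    m = LINE_RE.match(raw)
    if not m:
        return None
    success = m.group("outcome") == "Accepted"
    return {
        "eventReceiveTime": receive_time,  # unique per event
        "reptDevIpAddr": reporting_ip,
        "eventType": "SSH-Login-Success" if success else "SSH-Login-Failure",
        "user": m.group("user"),
        "srcIpAddr": m.group("src"),
        "hostName": m.group("host"),
        "rawEventMsg": raw,  # unique per event
    }


def build_events():
    """Parse every constructed line, assigning a monotonically increasing
    receive time so each event's eventReceiveTime really is unique."""
    events = []
    for i, raw in enumerate(RAW_LOGS):
        host = raw.split()[3]  # hostname field in the constructed format
        ev = parse_event(raw, HOST_TO_IP[host], receive_time=1641808862 + i)
        if ev is not None:
            events.append(ev)
    return events


def aggregate(events, filters, group_by, min_count=1):
    """Rules-engine style evaluation.

    filters   : attribute -> required value (the rule's Filters condition)
    group_by  : attributes forming the group key (the Group By condition)
    min_count : threshold on COUNT(Matched Events) (the Aggregation condition)

    Returns {group_key_tuple: count} for groups meeting the threshold."""
    bad = UNIQUE_ATTRS & set(group_by)
    if bad:
        raise ValueError(f"Unique attributes cannot be grouped: {sorted(bad)}")
    matched = [e for e in events if all(e.get(k) == v for k, v in filters.items())]
    counts = Counter(tuple(e[k] for k in group_by) for e in matched)
    return {key: n for key, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    evs = build_events()
    # Q26-style report: group all events by Reporting IP, Event Type, User.
    print(aggregate(evs, {}, ["reptDevIpAddr", "eventType", "user"]))
    # Rule: three or more SSH failures for one user across all devices.
    print(aggregate(evs, {"eventType": "SSH-Login-Failure"}, ["user"], min_count=3))
```

Grouping the five constructed events by Reporting IP, Event Type and User yields four result rows, while adding eventReceiveTime to the Group By list raises the "unique attribute" error instead of producing one row per event.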
NEW QUESTION 31
Refer to the exhibit.
The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search.
Based on the selected filters shown in the exhibit, why is the search returning no results?
- A. Parenthesis are missing
- B. The wrong option is selected in the Operator column
- C. The wrong boolean operator is selected in the Next column
- D. An invalid IP subnet is typed in the Value column
Answer: D
NEW QUESTION 32
If an incident's status is Cleared, what does this mean?
- A. Two hours have passed since the incident occurred and the incident has not reoccurred.
- B. A clear condition set on a rule was satisfied.
- C. A security rule issue has been resolved.
- D. The incident was cleared by an operator.
Answer: A
NEW QUESTION 33
Which FortiSIEM components can do performance availability and performance monitoring?
- A. Supervisor, worker, and collector
- B. Collectors only
- C. Supervisor only
- D. Supervisor and workers only
Answer: A
NEW QUESTION 34
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?
- A. PH_DEV_MON_SMTP_STOP
- B. Postfix-Mail-Stop
- C. Generic_SMTP_Process_Exit
- D. PH_DEV_MON_PROC_STOP
Answer: D
NEW QUESTION 35
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)
- A. UDP 514
- B. TCP 1470
- C. UDP 9999
- D. TCP 514
- E. UDP 162
Answer: A,B,D
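Added example for question 35, not from the exam page or from Fortinet: a small sender that frames a test message in RFC 3164 style (PRI = facility * 8 + severity) and ships it to a collector on one of the syslog listener ports named in the question. UDP 162 is the SNMP trap port, which is why it is absent from the port table. The collector address is an assumption; the TLS variant on TCP 1470 is left out because it needs an ssl-wrapped socket and a trusted collector certificate.

```python
"""Send a test syslog message to a FortiSIEM collector (constructed example)."""
import socket

# Syslog listener ports from Q35. The tcp-tls entry is listed for reference only.
SYSLOG_PORTS = {"udp": 514, "tcp": 514, "tcp-tls": 1470}


def build_syslog(facility, severity, hostname, tag, msg, timestamp="Jan 10 10:01:02"):
    """RFC 3164 framing: <PRI>TIMESTAMP HOSTNAME TAG: MSG.

    facility is 0-23 (16 = local0), severity is 0-7 (6 = informational)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}"


def send_syslog(message, collector, proto="udp"):
    """Send one message over UDP 514 or TCP 514; returns bytes sent.

    TCP syslog needs a record delimiter, so a newline is appended there."""
    port = SYSLOG_PORTS[proto]
    data = message.encode("utf-8")
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            return s.sendto(data, (collector, port))
    if proto == "tcp":
        with socket.create_connection((collector, port), timeout=5) as s:
            s.sendall(data + b"\n")
            return len(data) + 1
    raise ValueError("tcp-tls requires an ssl-wrapped socket; not implemented here")


if __name__ == "__main__":
    m = build_syslog(16, 6, "fw1", "porttest", "FortiSIEM syslog port check")
    print(m)
    # send_syslog(m, "192.0.2.10", "udp")  # assumed collector address; uncomment to send
```

After sending, search in FortiSIEM for the chosen hostname or tag to confirm the collector accepted the message on that port; if UDP works and TCP does not, the TCP listener or an intermediate firewall rule is the usual cause.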
NEW QUESTION 36
Refer to the exhibit.
The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search.
Based on the selected filters shown in the exhibit, why is the search returning no results?
- A. Parenthesis are missing
- B. The wrong boolean operator is selected in the Next column
- C. An invalid IP subnet is typed in the Value column
- D. The wrong option is selected in the Operator column
Answer: B
NEW QUESTION 37
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?
- A. 64GB RAM
- B. 16GB RAM
- C. 32GB RAM
- D. 24GB RAM
Answer: D
NEW QUESTION 38
Refer to the exhibit.
A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
- A. LDAPS
- B. LDAP start TLS
- C. WMI
- D. TELNET
Answer: C
NEW QUESTION 39
Which item is required to register a FortiSIEM appliance license?
- A. Static Hardware ID
- B. Static IP address
- C. Static storage
- D. Static MAC address
Answer: A
NEW QUESTION 40
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?
- A. CMDB Report Conditions
- B. UI Access
- C. Data Conditions
Answer: C
NEW QUESTION 41
Refer to the exhibit.
A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?
- A. Unique attributes cannot be grouped.
- B. The Event Receive Time attribute is not available for logs.
- C. The attribute COUNT(Matched event) is an invalid expression.
- D. No RAW Event Log attribute is available for devices.
Answer: A
NEW QUESTION 42
To determine SNMP discovery issues, which is the best command from the backend?
- A. ssh
- B. snmpwalk
- C. phSNMPTest
- D. snmptest
Answer: B
NEW QUESTION 43
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters to view events received from agents only?
- A. External Event Receive Agents
- B. Event Received Proto Agents
- C. External Event Receive Raw Logs
- D. External Event Receive Protocol
Answer: D
NEW QUESTION 45
Refer to the exhibit.
An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit. However, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?
- A. Matched Events(COUNT)
- B. COUNT(Matched Events)
- C. (COUNT) Matched Events
- D. Matched Events COUNT()
Answer: B
NEW QUESTION 46
In FortiSIEM enterprise licensing mode, if the link between the collector and the data center FortiSIEM cluster is down, what happens?
- A. The collector drops incoming events like syslog, but stops performance collection
- B. The collector processes stop, and events are dropped
- C. The collector buffers events
- D. The collector continues performance collection of devices, but stops receiving syslog
Answer: C
NEW QUESTION 47
If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?
- A. Up status is assigned because of received packets
- B. Down status is assigned because of packet loss.
- C. Degraded status is assigned because of packet loss
- D. Critical status is assigned because of reduction in number of packets received
Answer: C
NEW QUESTION 48
......
NSE5_FSM-5.2 Exam Questions: Free PDF Download Recently Updated Questions: https://torrentpdf.vceengine.com/NSE5_FSM-5.2-vce-test-engine.html
