NSE5_FSM-5.2 Exam Questions Dumps, Selling Fortinet Products
NEW QUESTION 14
If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?
- A. Critical status is assigned because of reduction in number of packets received
- B. Down status is assigned because of packet loss.
- C. Degraded status is assigned because of packet loss
- D. Up status is assigned because of received packets
Answer: C
NEW QUESTION 15
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?
- A. 24GB RAM
- B. 16GB RAM
- C. 64GB RAM
- D. 32GB RAM
Answer: A
NEW QUESTION 16
Which FortiSIEM components are capable of performing device discovery?
- A. Collector
- B. FortiSIEM Windows agent
- C. Worker
- D. FortiSIEM Linux agent
Answer: A
NEW QUESTION 17
Refer to the exhibit.
A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?
- A. No RAW Event Log attribute is available for devices.
- B. Unique attributes cannot be grouped.
- C. The attribute COUNT(Matched event) is an invalid expression.
- D. The Event Receive Time attribute is not available for logs.
Answer: B
NEW QUESTION 18
Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?
- A. Profile DB
- B. SVN DB
- C. CMDB
- D. Event DB
Answer: D
NEW QUESTION 19
In FortiSIEM enterprise licensing mode, if the link between the collector and the data center FortiSIEM cluster is down, what happens?
- A. The collector buffers events
- B. The collector processes stop, and events are dropped
- C. The collector continues performance collection of devices, but stops receiving syslog
- D. The collector drops incoming events like syslog, but stops performance collection
Answer: B
NEW QUESTION 20
Which item is required to register a FortiSIEM appliance license?
- A. Static MAC address
- B. Static IP address
- C. Static Hardware ID
- D. Static storage
Answer: C
NEW QUESTION 21
Which process converts raw log data to structured data?
- A. Data parsing
- B. Data enrichment
- C. Data validation
- D. Data classification
Answer: C
NEW QUESTION 22
To determine whether or not syslog is being received from a network device, which is the best command from the backend?
- A. tcpdump
- B. netcat
- C. phSyslogRecorder
- D. phDeviceTest
Answer: A
NEW QUESTION 23
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)
- A. UDP 514
- B. TCP 1470
- C. UDP 9999
- D. TCP 514
- E. UDP 162
Answer: A,B,E
NEW QUESTION 24
To determine SNMP discovery issues, which is the best command from the backend?
- A. snmptest
- B. snmpwalk
- C. ssh
- D. phSNMPTest
Answer: B
NEW QUESTION 25
If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?
- A. The Incident Count value increases, and the First Seen and Last Seen times update
- B. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated
- C. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
- D. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
Answer: D
NEW QUESTION 26
Which two export methods are available for FortiSIEM analytics results? (Choose two.)
- A. HTML
- B. PNG
- C. CSV
- D. PDF
Answer: C,D
NEW QUESTION 27
Which command displays the Linux agent status?
- A. service fsm-linux-agent status
- B. service fortisiem-linux-agent status
- C. service Ao-linux-agent status
- D. service linux-agent status
Answer: B
NEW QUESTION 29
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
- A. Filters
- B. Time Window
- C. Aggregation
- D. Group By
Answer: C
NEW QUESTION 30
If an incident's status is Cleared, what does this mean?
- A. The incident was cleared by an operator.
- B. A security rule issue has been resolved.
- C. A clear condition set on a rule was satisfied.
- D. Two hours have passed since the incident occurred and the incident has not reoccurred.
Answer: C
NEW QUESTION 31
Refer to the exhibit.
A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability monitoring (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
- A. LDAP start TLS
- B. LDAPS
- C. TELNET
- D. WMI
Answer: C
NEW QUESTION 32
If an incident's status is Cleared, what does this mean?
- A. The incident was cleared by an operator.
- B. A security rule issue has been resolved.
- C. A clear condition set on a rule was satisfied.
- D. Two hours have passed since the incident occurred and the incident has not reoccurred.
Answer: D
NEW QUESTION 33
Refer to the exhibit.
How was the FortiGate device discovered by FortiSIEM?
- A. Through auto log discovery
- B. Through GUI log discovery
- C. Through syslog discovery
- D. Using the pull events method
Answer: B