NSE5_FSM-5.2 Online Practice Questions and Answers

To determine whether or not syslog is being received from a network device, which is the best command from the backend?

A. tcpdump

B. phDeviceTest

C. netcat

D. phSyslogRecorder

A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?

A. Supervisor

B. Worker

C. Collector

D. Agent

Which FortiSIEM components are capable of performing device discovery?

A. FortiSIEM Windows agent

B. Worker

C. FortiSIEM Linux agent

D. Collector

To determine SNMP discovery issues, which is the best command from the backend?

A. snmpwalk

B. phSNMPTest

C. snmptest

D. ssh

Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

A. UDP9999

B. UDP 162

C. TCP 514

D. UDP 514

E. TCP 1470

An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

A. PH_DEV_MON_PROC_STOP

B. Postfix-Mail-Slop

C. Generic_SMTP_Process_Exit

D. PH_DEV_MON_SMTP_STOP

Which discovery scan type is prone to miss a device, if the device is quiet and the entry foe that device is not present in the ARP table of adjacent devices?

A. CMDB scan

B. L2 scan

C. Range scan

D. Smart scan

What are the four possible incident status values?

A. Active, dosed, cleared, open

B. Active, cleared, cleared manually, system cleared

C. Active, closed, manual, resolved

D. Active, auto cleared, manual, false positive

In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

A. Time Window

B. Aggregation

C. Group By

D. Filters

Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

A. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully

B. A yellow star indicates that a metric was applied during discovery, but data collection has not started

C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.

D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSEIM was unable to collect data.

Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

A. Seven results will be displayed.

B. There results will be displayed.

C. Unique attribute cannot be grouped.

D. Five results will be displayed.

What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

A. The CMDB database must be on NFS

B. The event database must be on NFS

C. The event database must be on a local disk

D. The \archive mount must be on a local disk

Which two FortiSIEM components work together to provide real-time event correlation?

A. Collector and Windows agent

B. Supervisor and worker

C. Worker and collector

D. Supervisor and collector

Which item is required to register a FortiSIEM appliance license?

A. Static storage

B. Static MAC address

C. Static IP address

D. Static Hardware ID

Refer to the exhibit.

The FortiSIEM administrator is examining events for two devices to investigate an issue However, the administrator is not getting any results from their search.

Based on the selected fillers shown in the exhibit, why is the search returning no results?

A. Parenthesis are missing

B. The wrong boolean operator is selected in the Next column

C. The wrong option is selected in the Operator column

D. An invalid IP subnet is typed in the Value column