Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?
A. Through GUI log discovery
B. Through syslog discovery
C. Using the pull events method
D. Through auto log discovery
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
A. Time Window
B. Aggregation
C. Group By
D. Filters
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?
A. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully
B. A yellow star indicates that a metric was applied during discovery, but data collection has not started
C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.
What is the best discovery scan option for a network environment where ping is disabled on all network devices?
A. Smart scan
B. Range scan
C. CMDB scan
D. L2 scan
Refer to the exhibit.

Three events are collected over a 10-minute time period from two servers, Server A and Server B. Based on the settings being used for the rule subpattern, how many incidents will the servers generate?
A. Server A will not generate any incidents and Server B will not generate any incidents
B. Server A will generate one incident and Server B will generate one incident
C. Server A will generate one incident and Server B will not generate any incidents
D. Server B will generate one incident and Server A will not generate any incidents
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server.
Which protocol should the administrator select in the AccessProtocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
A. TELNET
B. WMI
C. LDAPS
D. LDAP start TLS
If an incident's status is Cleared, what does this mean?
A. Two hours have passed since the incident occurred and the incident has not reoccurred.
B. A clear condition set on a rule was satisfied.
C. A security rule issue has been resolved.
D. The incident was cleared by an operator.
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully. As shown in the exhibit, why are some of the fields highlighted in red?
A. The Event Receive Time attribute is not available for logs.
B. The attribute COUNT(Matched event) is an invalid expression.
C. Unique attributes cannot be grouped.
D. No RAW Event Log attribute is available for devices.
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?
A. 16GB RAM
B. 32GB RAM
C. 64GB RAM
D. 24GB RAM
Which protocol is almost always required for the FortiSIEM GUI discovery process?
A. SNMP
B. WMI
C. Syslog
D. Telnet