Updated Oct 16, 2022 Test Engine to Practice Test for NSE5_FSM-5.2 Valid and Updated Dumps [Q15-Q35]


Exam Questions for NSE5_FSM-5.2 Updated Versions With Test Engine

NEW QUESTION 15
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. TCP 514
  • B. UDP 9999
  • C. UDP 162
  • D. TCP 1470
  • E. UDP 514

Answer: C,D,E

 

NEW QUESTION 16
Device discovery information is stored in which database?

  • A. Event DB
  • B. Profile DB
  • C. CMDB
  • D. SVN DB

Answer: C

 

NEW QUESTION 17
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. Unique attributes cannot be grouped.
  • B. The Event Receive Time attribute is not available for logs.
  • C. The attribute COUNT(Matched event) is an invalid expression.
  • D. No RAW Event Log attribute is available for devices.

Answer: A

 

NEW QUESTION 18
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?

  • A. CMDB
  • B. Event DB
  • C. Profile DB
  • D. SVN DB

Answer: C

 

NEW QUESTION 19
A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?

  • A. Worker
  • B. Collector
  • C. Supervisor
  • D. Agent

Answer: A

 

NEW QUESTION 20
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. Generic_SMTP_Process_Exit
  • B. Postfix-Mail-Slop
  • C. PH_DEV_MON_SMTP_STOP
  • D. PH_DEV_MON_PROC_STOP

Answer: C

 

NEW QUESTION 21
If an incident's status is Cleared, what does this mean?

  • A. The incident was cleared by an operator.
  • B. Two hours have passed since the incident occurred and the incident has not reoccurred.
  • C. A security rule issue has been resolved.
  • D. A clear condition set on a rule was satisfied.

Answer: D

 

NEW QUESTION 22
If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

  • A. The Incident Count value increases, and the First Seen and Last Seen times are updated.
  • B. The incident status changes to Repeated, and the First Seen and Last Seen times are updated.
  • C. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated.
  • D. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.

Answer: D

 

NEW QUESTION 23
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?

  • A. Event DB
  • B. CMDB
  • C. Profile DB
  • D. SVN DB

Answer: A

 

NEW QUESTION 24
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
  • B. A yellow star indicates that a metric was applied during discovery, but data collection has not started.
  • C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
  • D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.

Answer: D

 

NEW QUESTION 25
If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?

  • A. Down status is assigned because of packet loss.
  • B. Critical status is assigned because of a reduction in the number of packets received.
  • C. Degraded status is assigned because of packet loss.
  • D. Up status is assigned because of received packets.

Answer: C

 

NEW QUESTION 26
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. LDAP start TLS
  • B. WMI
  • C. TELNET
  • D. LDAPS

Answer: C

 

NEW QUESTION 27
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters to view events received from agents only?

  • A. Event Received Proto Agents
  • B. External Event Receive Agents
  • C. External Event Receive Protocol
  • D. External Event Receive Raw Logs

Answer: D

 

NEW QUESTION 28
Refer to the exhibit.

An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. Matched Events COUNT()
  • B. (COUNT) Matched Events
  • C. COUNT(Matched Events)
  • D. Matched Events(COUNT)

Answer: C

 

NEW QUESTION 29
Refer to the exhibit.

Three events are collected over a 10-minute time period from two servers, Server A and Server B.
Based on the settings being used for the rule subpattern, how many incidents will the servers generate?

  • A. Server A will generate one incident and Server B will generate one incident.
  • B. Server B will generate one incident and Server A will not generate any incidents.
  • C. Server A will generate one incident and Server B will not generate any incidents.
  • D. Server A will not generate any incidents and Server B will not generate any incidents.

Answer: D

 

NEW QUESTION 30
Which item is required to register a FortiSIEM appliance license?

  • A. Static Hardware ID
  • B. Static MAC address
  • C. Static storage
  • D. Static IP address

Answer: A

 

NEW QUESTION 31
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

  • A. Data Conditions
  • B. CMDB Report Conditions
  • C. UI Access

Answer: A

 

NEW QUESTION 32
Which command displays the Linux agent status?

  • A. service fortisiem-linux-agent status
  • B. service Ao-linux-agent status
  • C. service linux-agent status
  • D. service fsm-linux-agent status

Answer: A

 

NEW QUESTION 33
Refer to the exhibit.

The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search.
Based on the selected filters shown in the exhibit, why is the search returning no results?

  • A. The wrong boolean operator is selected in the Next column.
  • B. The wrong option is selected in the Operator column.
  • C. Parentheses are missing.
  • D. An invalid IP subnet is typed in the Value column.

Answer: A

 

NEW QUESTION 34
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Four results will be displayed.
  • B. Unique attributes cannot be grouped.
  • C. Two results will be displayed.
  • D. Eight results will be displayed.

Answer: B

 

NEW QUESTION 35
......
