Fortinet NSE5_FSM-5.2 Online Practice Questions and Exam Preparation

Fortinet NSE5_FSM-5.2 Online Questions & Answers

• Question 1:

  What are the four categories of incidents?

  A. Devices, users, high risk, and low risk
  B. Performance, availability, security, and change
  C. Performance, devices, high risk, and low risk
  D. Security, change, high risk, and low risk
  B. Performance, availability, security, and change

• Question 2:

  Device discovery information is stored in which database?

  A. CMDB
  B. Profile DB
  C. Event DB
  D. SVN DB
  A. CMDB

• Question 3:

  Refer to the exhibit.

  

  The FortiSIEM administrator is examining events for two devices to investigate an issue However, the administrator is not getting any results from their search. Based on the selected fillers shown in the exhibit, why is the search returning no results?

  A. Parenthesis are missing
  B. The wrong boolean operator is selected in the Next column
  C. The wrong option is selected in the Operator column
  D. An invalid IP subnet is typed in the Value column
  D. An invalid IP subnet is typed in the Value column

• Question 4:

  Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?

  A. Profile DB
  B. Event DB
  C. CMDB
  D. SVN DB
  B. Event DB

• Question 5:

  Refer to the exhibit.

  

  A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp . However, the administrator is getting no results from the search.

  Based on the selected filters shown in the exhibit, why are there no search results?

  A. The keyword is case sensitive Instead of typing TCP in the Value field. the administrator should type tcp.
  B. In the Time section, the administrator selected the Relative Last option, and in the drop- down lists, selected 2 and Hours as the lime period The time period should be 24 hours.
  C. The administratorselected - inthe Operator column That a the wrong operator.
  D. The administrator selected AND in the Nextdrop-down list. Thisis the wrong boolean operator.
  C. The administratorselected - inthe Operator column That a the wrong operator.

• Question 6:

  Which item is required to register a FortiSIEM appliance license?

  A. Static storage
  B. Static MAC address
  C. Static IP address
  D. Static Hardware ID
  D. Static Hardware ID

• Question 7:

  Which protocol is almost always required for the FortiSIEM GUI discovery process?

  A. SNMP
  B. WMI
  C. Syslog
  D. Telnet
  A. SNMP

• Question 8:

  An administrator wants to search for events received from Linux and Windows agents.

  Which attribute should the administrator use in search filters, to view events received from agents only.

  A. External Event Receive Protocol
  B. Event Received Proto Agents
  C. External Event Receive Raw Logs
  D. External Event Receive Agents
  C. External Event Receive Raw Logs

• Question 9:

  What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

  A. 16GB RAM
  B. 32GB RAM
  C. 64GB RAM
  D. 24GB RAM
  B. 32GB RAM

• Question 10:

  Refer to the exhibit.

  

  A FortiSlEM administrator wants to group some attributes for a report, but is not able to do so successfully. As shown in the exhibit, why are some of the fields highlighted in red?

  A. The Event Receive Time attribute is not available for logs.
  B. The attribute COUNT(Matched event) is an invalid expression.
  C. Unique attributes cannot be grouped.
  D. No RAW Event Log attribute is available for devices.
  C. Unique attributes cannot be grouped.