Exam Details

  • Exam Code: NSE5_FSM-5.2
  • Exam Name: Fortinet NSE 5 - FortiSIEM 5.2
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 42 Q&As
  • Last Updated: Jun 10, 2025

Fortinet Fortinet Certifications NSE5_FSM-5.2 Questions & Answers

  • Question 11:

    Refer to the exhibit.

    An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.

    Which is the correct expression?

    A. Matched Events COUNT()

    B. Matched Events(COUNT)

    C. COUNT(Matched Events)

    D. (COUNT) Matched Events

  • Question 12:

    Which command displays the Linux agent status?

    A. Service fsm-linux-agent status

    B. Service Ao-linux-agent status

    C. Service fortisiem-linux-agent status

    D. Service linux-agent status

  • Question 13:

    If an incident's status is Cleared, what does this mean?

    A. Two hours have passed since the incident occurred and the incident has not reoccurred.

    B. A clear condition set on a rule was satisfied.

    C. A security rule issue has been resolved.

    D. The incident was cleared by an operator.

  • Question 14:

    Which two FortiSIEM components work together to provide real-time event correlation?

    A. Collector and Windows agent

    B. Supervisor and worker

    C. Worker and collector

    D. Supervisor and collector

  • Question 15:

    Which FortiSIEM components can do performance availability and performance monitoring?

    A. Supervisor, worker, and collector

    B. Supervisor and workers only

    C. Supervisor only

    D. Collectors only

  • Question 16:

    Refer to the exhibit.

    A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully. As shown in the exhibit, why are some of the fields highlighted in red?

    A. The Event Receive Time attribute is not available for logs.

    B. The attribute COUNT(Matched event) is an invalid expression.

    C. Unique attributes cannot be grouped.

    D. No RAW Event Log attribute is available for devices.

  • Question 17:

    What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

    A. 16GB RAM

    B. 32GB RAM

    C. 64GB RAM

    D. 24GB RAM

  • Question 18:

    Which discovery scan type is prone to miss a device, if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?

    A. CMDB scan

    B. L2 scan

    C. Range scan

    D. Smart scan

  • Question 19:

    What are the four possible incident status values?

    A. Active, closed, cleared, open

    B. Active, cleared, cleared manually, system cleared

    C. Active, closed, manual, resolved

    D. Active, auto cleared, manual, false positive

  • Question 20:

    Which process converts raw log data to structured data?

    A. Data enrichment

    B. Data classification

    C. Data parsing

    D. Data validation
