Exam Details

  • Exam Code: NSE5_FSM-5.2
  • Exam Name: Fortinet NSE 5 - FortiSIEM 5.2
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 42 Q&As
  • Last Updated: Jun 10, 2025

Fortinet Fortinet Certifications NSE5_FSM-5.2 Questions & Answers

  • Question 31:

    If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

    A. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.

    B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.

    C. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated

    D. The Incident Count value increases, and the First Seen and Last Seen times update

  • Question 32:

    In FortiSIEM enterprise licensing mode, if the link between the collector and data center FortiSIEM cluster is down, what happens?

    A. The collector drops incoming events like syslog, but stops performance collection

    B. The collector continues performance collection of devices, but stops receiving syslog

    C. The collector buffers events

    D. The collector processes stop, and events are dropped

  • Question 33:

    A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

    A. CMDB Report Conditions

    B. Data Conditions

    C. UI Access

  • Question 34:

    Refer to the exhibit.

    How was the FortiGate device discovered by FortiSIEM?

    A. Through GUI log discovery

    B. Through syslog discovery

    C. Using the pull events method

    D. Through auto log discovery

  • Question 35:

    To determine SNMP discovery issues, which is the best command from the backend?

    A. snmpwalk

    B. phSNMPTest

    C. snmptest

    D. ssh

  • Question 36:

    Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

    A. UDP 9999

    B. UDP 162

    C. TCP 514

    D. UDP 514

    E. TCP 1470

  • Question 37:

    An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

    A. PH_DEV_MON_PROC_STOP

    B. Postfix-Mail-Stop

    C. Generic_SMTP_Process_Exit

    D. PH_DEV_MON_SMTP_STOP

  • Question 38:

    If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?

    A. Down status is assigned because of packet loss.

    B. Up status is assigned because of received packets

    C. Critical status is assigned because of reduction in number of packets received

    D. Degraded status is assigned because of packet loss

  • Question 39:

    What protocol can be used to collect Windows event logs in an agentless method?

    A. SSH

    B. SNMP

    C. WMI

    D. SMTP

  • Question 40:

    To determine whether or not syslog is being received from a network device, which is the best command from the backend?

    A. tcpdump

    B. phDeviceTest

    C. netcat

    D. phSyslogRecorder
