[Dec 25, 2021] NSE5_FSM-5.2 certification guide Q&A from Training Expert ExamsTorrent [Q10-Q35]


NEW QUESTION 10
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. TCP 514
  • B. UDP 514
  • C. UDP 162
  • D. UDP 9999
  • E. TCP 1470

Answer: A,B,E

 

NEW QUESTION 11
Device discovery information is stored in which database?

  • A. CMDB
  • B. SVN DB
  • C. Profile DB
  • D. Event DB

Answer: A

 

NEW QUESTION 12
Refer to the exhibit.

An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. COUNT(Matched Events)
  • B. Matched Events(COUNT)
  • C. (COUNT) Matched Events
  • D. Matched Events COUNT()

Answer: A

 

NEW QUESTION 13
What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

  • A. The CMDB database must be on NFS
  • B. The event database must be on a local disk
  • C. The event database must be on NFS
  • D. The \archive mount must be on a local disk

Answer: C

 

NEW QUESTION 14
What protocol can be used to collect Windows event logs in an agentless method?

  • A. SSH
  • B. SMTP
  • C. SNMP
  • D. WMI

Answer: D

 

NEW QUESTION 15
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Two results will be displayed
  • B. Four results will be displayed
  • C. Unique attributes cannot be grouped
  • D. Eight results will be displayed

Answer: C

 

NEW QUESTION 16
Which process converts raw log data to structured data?

  • A. Data enrichment
  • B. Data validation
  • C. Data parsing
  • D. Data classification

Answer: C

 

NEW QUESTION 17
To determine SNMP discovery issues, which is the best command from the backend?

  • A. ssh
  • B. snmptest
  • C. phSNMPTest
  • D. snmpwalk

Answer: D

 

NEW QUESTION 18
Which discovery scan type is prone to miss a device, if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?

  • A. L2 scan
  • B. Smart scan
  • C. CMDB scan
  • D. Range scan

Answer: B

 

NEW QUESTION 19
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters to view events received from agents only?

  • A. External Event Receive Protocol
  • B. External Event Receive Raw Logs
  • C. External Event Receive Agents
  • D. Event Received Proto Agents

Answer: B

 

NEW QUESTION 20
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?

  • A. SVN DB
  • B. Event DB
  • C. Profile DB
  • D. CMDB

Answer: B

 

NEW QUESTION 21
Which FortiSIEM components can perform performance and availability monitoring?

  • A. Supervisor only
  • B. Supervisor and workers only
  • C. Collectors only
  • D. Supervisor, worker, and collector

Answer: D

 

NEW QUESTION 22
Which item is required to register a FortiSIEM appliance license?

  • A. Static MAC address
  • B. Static Hardware ID
  • C. Static storage
  • D. Static IP address

Answer: B

 

NEW QUESTION 23
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Through auto log discovery
  • B. Through syslog discovery
  • C. Using the pull events method
  • D. Through GUI log discovery

Answer: D

 

NEW QUESTION 24
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. TELNET
  • B. LDAP start TLS
  • C. WMI
  • D. LDAPS

Answer: A

 

NEW QUESTION 25
What operating system is FortiSIEM based on?

  • A. CentOS
  • B. Ubuntu
  • C. RedHat
  • D. Microsoft Windows

Answer: A

 

NEW QUESTION 26
In FortiSIEM enterprise licensing mode, if the link between the collector and the data center FortiSIEM cluster is down, what happens?

  • A. The collector processes stop, and events are dropped
  • B. The collector continues performance collection of devices, but stops receiving syslog
  • C. The collector buffers events
  • D. The collector drops incoming events such as syslog, but stops performance collection

Answer: A

 

NEW QUESTION 27
Refer to the exhibit.

Three events are collected over a 10-minute time period from two servers, Server A and Server B.
Based on the settings being used for the rule subpattern, how many incidents will the servers generate?

  • A. Server B will generate one incident and Server A will not generate any incidents
  • B. Server A will generate one incident and Server B will not generate any incidents
  • C. Server A will not generate any incidents and Server B will not generate any incidents
  • D. Server A will generate one incident and Server B will generate one incident

Answer: C

 

NEW QUESTION 28
What is a prerequisite for FortiSIEM Linux agent installation?

  • A. The auditd service must be installed on the Linux server being monitored
  • B. The web server must be installed on the Linux server being monitored
  • C. The Linux agent manager server must be installed.
  • D. Both the web server and the audit service must be installed on the Linux server being monitored

Answer: D

 

NEW QUESTION 29
What are the four possible incident status values?

  • A. Active, auto cleared, manual, false positive
  • B. Active, closed, cleared, open
  • C. Active, cleared, cleared manually, system cleared
  • D. Active, closed, manual, resolved

Answer: D

 

NEW QUESTION 30
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. Postfix-Mail-Stop
  • B. Generic_SMTP_Process_Exit
  • C. PH_DEV_MON_PROC_STOP
  • D. PH_DEV_MON_SMTP_STOP

Answer: D

 

NEW QUESTION 31
If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?

  • A. Critical status is assigned because of reduction in number of packets received
  • B. Degraded status is assigned because of packet loss
  • C. Down status is assigned because of packet loss.
  • D. Up status is assigned because of received packets

Answer: B

 

NEW QUESTION 32
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

  • A. 16GB RAM
  • B. 24GB RAM
  • C. 32GB RAM
  • D. 64GB RAM

Answer: C

 

NEW QUESTION 33
In the advanced analytical rules engine in FortiSIEM, multiple subpatterns can be referenced using which three operations? (Choose three.)

  • A. ELSE
  • B. AND
  • C. OR
  • D. FOLLOWED_BY
  • E. NOT

Answer: A,B,E

 

NEW QUESTION 34
......
