New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Fortinet > NSE 5 Network Security Analyst > NSE5_FSM-6.3

NSE5_FSM-6.3 Fortinet NSE 5 - FortiSIEM 6.3 Question and Answers

Question # 4

In me FortiSIEM CLI. which command must you use to determine whether or not syslog is being received from a network device?

A.

tcpdump

B.

OphSyslogRecorder

C.

Onetcat

D.

phDeviceTest

Full Access
Question # 5

Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.

As shown in the exhibit, why are some of the fields highlighted in red?

A.

Unique attributes cannot be grouped.

B.

The Event Receive Time attribute is not available for logs.

C.

The attribute COUNT(Matched events) is an invalid expression.

D.

No RAW Event Log attribute is available for devices.

Full Access
Question # 6

IF the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?

A.

Up status is assigned because of received packets.

B.

Critical status is assigned because of reduction in number of packets received.

C.

Degraded status is assigned because of packet loss

D.

Down status is assigned because of packet loss.

Full Access
Question # 7

Which two FortiSIEM components work together to provide real-time event correlation?

A.

Supervisor and worker

B.

Collector and Windows agent

C.

Worker and collector

D.

Supervisor and collector

Full Access
Question # 8

What are the four possible incident status values?

A.

Active, dosed, cleared, open

B.

Active, cleared, cleared manually, system cleared

C.

Active, closed, manual, resolved

D.

Active, auto cleared, manual, false positive

Full Access
Question # 9

Refer to the exhibit.

If events are grouped by User. Source IP. and Application Category attributes in FortiSiEM. how many results will be displayed?

A.

Three results will be displayed.

B.

Five results will be displayed.

C.

No results will be displayed.

D.

Seven results will be displayed.

Full Access
Question # 10

Consider the storage of anomaly baseline date that is calculated for different parameters. Which database is used for storing this data?

A.

Event DB

B.

Profile DB

C.

SVNDB

D.

CMDB

Full Access
Question # 11

Device discovery information is stored in which database?

A.

CMDB

B.

Profile DB

C.

Event DB

D.

SVN DB

Full Access
Question # 12

Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.

Which is the correct expression?

A.

Matched Events COUNT()

B.

Matched Events(COUNT)

C.

COUNT(Matched Events)

D.

(COUNT) Matched Events

Full Access
Question # 13

Which FortiSIEM components can do performance availability and performance monitoring?

A.

Supervisor, worker, and collector

B.

Supervisor and workers only

C.

Supervisor only

D.

Collectors only

Full Access
Question # 14

What is a prerequisite for FortiSIEM Linux agent installation?

A.

The web server must be installed on the Linux server being monitored

B.

The auditd service must be installed on the Linux server being monitored

C.

The Linux agent manager server must be installed.

D.

Both the web server and the audit service must be installed on the Linux server being monitored

Full Access
Question # 15

Refer to the exhibit.

Which value will FortiSIEM use to populate the Event Type field?

A.

PHL_INFO

B.

phPerfJob

C.

PH_DSV_MON_SYS_DISK_UTIL

D.

diskUtil

Full Access