NSE5_FSM-5.2 Premium Bundle

Fortinet NSE 5 - FortiSIEM 5.2 Certification Exam

42 Questions (Practice Tests)
42 PDF (Print version)
Last update: November 23, 2024

Fortinet NSE5_FSM-5.2 Free Practice Questions

Actual NSE5_FSM-5.2 real exam materials and test questions for Fortinet certification candidates. Real success guaranteed with updated NSE5_FSM-5.2 PDF dumps and VCE materials. 100% pass the Fortinet NSE 5 - FortiSIEM 5.2 exam today!

Fortinet NSE5_FSM-5.2 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
What operating system is FortiSIEM based on?

  • A. CentOS
  • B. Microsoft Windows
  • C. RedHat
  • D. Ubuntu

Answer: A

NEW QUESTION 2
What are the four categories of incidents?

  • A. Devices, users, high risk, and low risk
  • B. Performance, availability, security, and change
  • C. Performance, devices, high risk, and low risk
  • D. Security, change, high risk, and low risk

Answer: B

NEW QUESTION 3
Which protocol is almost always required for the FortiSIEM GUI discovery process?

  • A. SNMP
  • B. WMI
  • C. Syslog
  • D. Telnet

Answer: A

NEW QUESTION 4
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. PH_DEV_MON_PROC_STOP
  • B. Postfix-Mail-Slop
  • C. Generic_SMTP_Process_Exit
  • D. PH_DEV_MON_SMTP_STOP

Answer: A

NEW QUESTION 5
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

  • A. 16GB RAM
  • B. 32GB RAM
  • C. 64GB RAM
  • D. 24GB RAM

Answer: D

NEW QUESTION 6
Refer to the exhibit.
[Exhibit: image not included]
If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Eight results will be displayed
  • B. Four results will be displayed
  • C. Two results will be displayed
  • D. Unique attributes cannot be grouped

Answer: D

NEW QUESTION 7
Refer to the exhibit.
[Exhibit: image not included]
A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. The Event Receive Time attribute is not available for logs.
  • B. The attribute COUNT(Matched event) is an invalid expression.
  • C. Unique attributes cannot be grouped.
  • D. No RAW Event Log attribute is available for devices.

Answer: C

NEW QUESTION 8
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. UDP 9999
  • B. UDP 162
  • C. TCP 514
  • D. UDP 514
  • E. TCP 1470

Answer: CDE

NEW QUESTION 9
Which FortiSIEM components are capable of performing device discovery?

  • A. FortiSIEM Windows agent
  • B. Worker
  • C. FortiSIEM Linux agent
  • D. Collector

Answer: D

NEW QUESTION 10
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

  • A. Time Window
  • B. Aggregation
  • C. Group By
  • D. Filters

Answer: B

NEW QUESTION 11
Which two export methods are available for FortiSIEM analytics results? (Choose two.)

  • A. CSV
  • B. PNG
  • C. HTML
  • D. PDF

Answer: AD

NEW QUESTION 12
A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?

  • A. Supervisor
  • B. Worker
  • C. Collector
  • D. Agent

Answer: B

NEW QUESTION 13
Which FortiSIEM components can perform availability and performance monitoring?

  • A. Supervisor, worker, and collector
  • B. Supervisor and workers only
  • C. Supervisor only
  • D. Collectors only

Answer: A

NEW QUESTION 14
......

100% Valid and Newest Version NSE5_FSM-5.2 Questions & Answers shared by 2passeasy, Get Full Dumps HERE: https://www.2passeasy.com/dumps/NSE5_FSM-5.2/ (New 42 Q&As)

