New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Fortinet NSE5_FSM-6.3 Fortinet NSE 5 - FortiSIEM 6.3 Exam Practice Test

Page: 1 / 5
Total 50 questions

Fortinet NSE 5 - FortiSIEM 6.3 Questions and Answers

Question 1

Device discovery information is stored in which database?

Options:

A.

CMDB

B.

Profile DB

C.

Event DB

D.

SVN DB

Question 2

Which two FortiSIEM components work together to provide real-time event correlation?

Options:

A.

Supervisor and worker

B.

Collector and Windows agent

C.

Worker and collector

D.

Supervisor and collector

Question 3

Refer to the exhibit.

Question # 3

What do the yellow stars listed in the Monitor column indicate?

Options:

A.

A yellow star indicates that a metric was applied during discovery, and data has been collected successfully

B.

A yellow star indicates that a metric was applied during discovery, but data collection has not started

C.

A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.

D.

A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSEIM was unable to collect data.

Question 4

In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

Options:

A.

Time Window

B.

Aggregation

C.

Group By

D.

Filters

Question 5

How is a subparttern for a rule defined?

Options:

A.

Filters Aggregation. Group By definition

B.

Filters Group By definitions. Threshold

C.

Filters Threshold Time Window definitions

D.

Filters Aggregation Time Window definitions

Question 6

What does the Frequency field determine on a rule?

Options:

A.

How often the rule will evaluate the subpattern.

B.

How often the rule will trigger for the same condition.

C.

How often the rule will trigger.

D.

How often the rule will take a clear action.

Question 7

An administrator is configuring FortiSIEM to discover network devices and receive syslog from network devices. Which statement is correct?

Options:

A.

FortiSIEM uses privileged credentials to tog in to devices and make network configuration changes.

B.

FortiSIEM automatically configures network devices to send syslog using the auto log discovery process.

C.

FortiSIEM automatically configures network devices to send syslog using the GUI discovery process

D.

Syslog configuration must be done manually on devices by the network administrator.

Question 8

Which discovery scan type is prone to miss a device, if the device is quiet and the entry foe that device is not present in the ARP table of adjacent devices?

Options:

A.

CMDB scan

B.

L2 scan

C.

Range scan

D.

Smart scan

Question 9

IF the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?

Options:

A.

Up status is assigned because of received packets.

B.

Critical status is assigned because of reduction in number of packets received.

C.

Degraded status is assigned because of packet loss

D.

Down status is assigned because of packet loss.

Question 10

An administrator defines SMTP as a critical process on a Linux server.

It the SMTP process is stopped. FortiSIEM will generate a critical event with which event type?

Options:

A.

Postfix-Mail-Stop

B.

PH_DEV_MON_PROC_STOP

C.

PH_DEV_MON_SMTP_STOP

D.

Generic_SMTP_Procoss_Exit

Question 11

An administrator is in the process of renewing a FortiSIEM license. Which two commands will provide the system ID? (Choose two.)

Options:

A.

phgetHWID

B.

./phLicenseTool - support

C.

phgetUUID

D.

./phLicenseTool-show

Question 12

Refer to the exhibit.

Question # 12

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server

Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

Options:

A.

TELNET

B.

WMI

C.

LDAPS

D.

LDAP start TLS

Question 13

Where do you configure rule notifications and automated remediation on FortiSIEM?

Options:

A.

Notification policy

B.

Remediation policy

C.

Notification engine

D.

Remediation engine

Question 14

In the advanced analytical rules engine in FortiSIEM, multiple subpatterms can be referenced using which three operation?(Choose three.)

Options:

A.

ELSE

B.

NOT

C.

FOLLOWED_BY

D.

OR

E.

AND

Question 15

When configuring collectors located in geographically separated sites, what ports must be open on a front end firewall?

Options:

A.

HTTPS, from the collector to the worker upload settings address only

B.

HTTPS, from the collector to the supervisor and worker upload settings addresses

C.

HTTPS, from the Internet to the collector

D.

HTTPS, from the Internet to the collector and from the collector to the FortiSIEM cluster

Page: 1 / 5
Total 50 questions