How Many Questions Of NSE5_FSM-5.2 Questions

NEW QUESTION 1
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

• A. Seven results will be displayed.
• B. There results will be displayed.
• C. Unique attribute cannot be grouped.
• D. Five results will be displayed.

Answer: D

NEW QUESTION 2
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

• A. 16GB RAM
• B. 32GB RAM
• C. 64GB RAM
• D. 24GB RAM

Answer: D

NEW QUESTION 3
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp . However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

• A. The keyword is case sensitive Instead of typing TCP in the Value fiel
• B. the administrator should type tcp.
• C. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the lime period The time period should be 24 hours.
• D. The administrator selected - in the Operator column That a the wrong operator.
• E. The administrator selected AND in the Next drop-down lis
• F. This is the wrong boolean operator.

Answer: C

NEW QUESTION 4
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters, to view events received from agents only.

• A. External Event Receive Protocol
• B. Event Received Proto Agents
• C. External Event Receive Raw Logs
• D. External Event Receive Agents

Answer: A

NEW QUESTION 5
Which command displays the Linux agent status?

• A. Service fsm-linux-agent status
• B. Service Ao-linux-agent status
• C. Service fortisiem-linux-agent status
• D. Service linux-agent status

Answer: C

NEW QUESTION 6
Refer to the exhibit.

Three events are collected over a 10-minutc time period from two servers Server A and Server B. Based on the settings being used for the rule subpattern. how many incidents will the servers generate?

• A. Server A will not generate any incidents and Server B will not generate any incidents
• B. Server A will generate one incident and Server B wifl generate one incident
• C. Server A will generate one incident and Server B will not generate any incidents
• D. Server B will generate one incident and Server A will not generate any incidents

Answer: A

NEW QUESTION 7
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

• A. CMDB Report Conditions
• B. Data Conditions
• C. UI Access

Answer: B

NEW QUESTION 8
To determine SNMP discovery issues, which is the best command from the backend?

• A. snmpwalk
• B. phSNMPTest
• C. snmptest
• D. ssh

Answer: A

NEW QUESTION 9
In FotiSlEM enterprise licensing mode, if the link between the collector and data center FortiSlEM cluster a down what happens?

• A. The collector drops incoming events like syslo
• B. but slops performance collection
• C. The collector continues performance collection of devices, but stops receiving syslog
• D. The collector buffers events
• E. The collector processes stop, and events are dropped

Answer: D

NEW QUESTION 10
Which process converts Raw log data to structured data?

• A. Data enrichment
• B. Data classification
• C. Data parsing
• D. Data validation

Answer: C

NEW QUESTION 11
Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?

• A. Profile DB
• B. Event DB
• C. CMDB
• D. SVN DB

Answer: A

NEW QUESTION 12
What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

• A. The CMDB database must be on NFS
• B. The event database must be on NFS
• C. The event database must be on a local disk
• D. The \archive mount must be on a local disk

Answer: B

NEW QUESTION 13
Which FortiSIEM components can do performance availability and performance monitoring?

• A. Supervisor, worker, and collector
• B. Supervisor and workers only
• C. Supervisor only
• D. Collectors only

Answer: A

NEW QUESTION 14
......