[Jan-2022] NSE5_FSM-5.2 exam torrent Fortinet study guide [Q24-Q47]


NEW QUESTION 24
Refer to the exhibit.

An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. COUNT(Matched Events)
  • B. Matched Events(COUNT)
  • C. (COUNT) Matched Events
  • D. Matched Events COUNT()

Answer: A


NEW QUESTION 25
Which protocol is almost always required for the FortiSIEM GUI discovery process?

  • A. SNMP
  • B. WMI
  • C. Syslog
  • D. Telnet

Answer: A


NEW QUESTION 26
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. Unique attributes cannot be grouped.
  • B. The attribute COUNT(Matched event) is an invalid expression.
  • C. The Event Receive Time attribute is not available for logs.
  • D. No RAW Event Log attribute is available for devices.

Answer: A


NEW QUESTION 27
If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the Summary dashboard?

  • A. Critical status is assigned because of reduction in number of packets received
  • B. Degraded status is assigned because of packet loss
  • C. Down status is assigned because of packet loss.
  • D. Up status is assigned because of received packets

Answer: B


NEW QUESTION 28
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Two results will be displayed
  • B. Four results will be displayed
  • C. Unique attributes cannot be grouped
  • D. Eight results will be displayed

Answer: C


NEW QUESTION 29
To determine whether or not syslog is being received from a network device, which is the best command from the backend?

  • A. phDeviceTest
  • B. phSyslogRecorder
  • C. netcat
  • D. tcpdump

Answer: D


NEW QUESTION 30
What is a prerequisite for FortiSIEM Linux agent installation?

  • A. The auditd service must be installed on the Linux server being monitored
  • B. The web server must be installed on the Linux server being monitored
  • C. The Linux agent manager server must be installed.
  • D. Both the web server and the audit service must be installed on the Linux server being monitored

Answer: D


NEW QUESTION 31
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

  • A. Filters
  • B. Time Window
  • C. Aggregation
  • D. Group By

Answer: D


NEW QUESTION 32
In FortiSIEM enterprise licensing mode, if the link between the collector and the data center FortiSIEM cluster is down, what happens?

  • A. The collector processes stop, and events are dropped
  • B. The collector continues performance collection of devices, but stops receiving syslog
  • C. The collector buffers events
  • D. The collector drops incoming events like syslog, but stops performance collection

Answer: A


NEW QUESTION 33
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. UDP 514
  • B. TCP 514
  • C. UDP 9999
  • D. TCP 1470
  • E. UDP 162

Answer: A,D,E


NEW QUESTION 34
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

  • A. Filters
  • B. Time Window
  • C. Group By
  • D. Aggregation

Answer: D


NEW QUESTION 35
What operating system is FortiSIEM based on?

  • A. CentOS
  • B. Ubuntu
  • C. RedHat
  • D. Microsoft Windows

Answer: A


NEW QUESTION 36
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?

  • A. SVN DB
  • B. Event DB
  • C. Profile DB
  • D. CMDB

Answer: B


NEW QUESTION 37
Which discovery scan type is prone to miss a device if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?

  • A. L2 scan
  • B. Smart scan
  • C. CMDB scan
  • D. Range scan

Answer: B


NEW QUESTION 38
If an incident's status is Cleared, what does this mean?

  • A. A security rule issue has been resolved.
  • B. A clear condition set on a rule was satisfied.
  • C. The incident was cleared by an operator.
  • D. Two hours have passed since the incident occurred and the incident has not reoccurred.

Answer: B


NEW QUESTION 39
If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

  • A. The Incident Count value increases, and the First Seen and Last Seen times update
  • B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
  • C. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated
  • D. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.

Answer: D


NEW QUESTION 40
A FortiSIEM supervisor at headquarters is struggling to keep up with an increase in EPS (Events Per Second) being reported across the enterprise. Which component should an administrator consider deploying to assist the supervisor with processing data?

  • A. Collector
  • B. Agent
  • C. Worker
  • D. Supervisor

Answer: C


NEW QUESTION 41
Which process converts raw log data to structured data?

  • A. Data validation
  • B. Data enrichment
  • C. Data classification
  • D. Data parsing

Answer: A


NEW QUESTION 42
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. TCP 514
  • B. UDP 514
  • C. UDP 162
  • D. UDP 9999
  • E. TCP 1470

Answer: A,B,E


NEW QUESTION 43
If an incident's status is Cleared, what does this mean?

  • A. A security rule issue has been resolved.
  • B. The incident was cleared by an operator.
  • C. A clear condition set on a rule was satisfied.
  • D. Two hours have passed since the incident occurred and the incident has not reoccurred.

Answer: D


NEW QUESTION 44
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. TELNET
  • B. LDAP start TLS
  • C. WMI
  • D. LDAPS

Answer: A


NEW QUESTION 45
What is the best discovery scan option for a network environment where ping is disabled on all network devices?

  • A. L2 scan
  • B. Smart scan
  • C. CMDB scan
  • D. Range scan

Answer: B


NEW QUESTION 46
Refer to the exhibit.

An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. COUNT(Matched Events)
  • B. Matched Events(COUNT)
  • C. (COUNT) Matched Events
  • D. Matched Events COUNT()

Answer: A


NEW QUESTION 47
......
