The Secret Of Fortinet NSE5_FSM-5.2 Vce

NEW QUESTION 1
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

• A. Eight results will be displayed
• B. Four results will be displayed
• C. Two results will be displayed
• D. Unique attributes cannot be grouped

Answer: D

NEW QUESTION 2
Which item is required to register a FortiSIEM appliance license?

• A. Static storage
• B. Static MAC address
• C. Static IP address
• D. Static Hardware ID

Answer: D

NEW QUESTION 3
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

• A. Seven results will be displayed.
• B. There results will be displayed.
• C. Unique attribute cannot be grouped.
• D. Five results will be displayed.

Answer: D

NEW QUESTION 4
What protocol can be used to collect Windows event logs in an agentless method?

• A. SSH
• B. SNMP
• C. WMI
• D. SMTP

Answer: C

NEW QUESTION 5
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

• A. 16GB RAM
• B. 32GB RAM
• C. 64GB RAM
• D. 24GB RAM

Answer: D

NEW QUESTION 6
Which two FortiSIEM components work together to provide real-time event correlation?

• A. Collector and Windows agent
• B. Supervisor and worker
• C. Worker and collector
• D. Supervisor and collector

Answer: D

NEW QUESTION 7
Refer to the exhibit.

A FortiSlEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

• A. The Event Receive Time attribute is not available for logs.
• B. The attribute COUNT(Matched event) is an invalid expression.
• C. Unique attributes cannot be grouped.
• D. No RAW Event Log attribute is available for devices.

Answer: C

NEW QUESTION 8
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters, to view events received from agents only.

• A. External Event Receive Protocol
• B. Event Received Proto Agents
• C. External Event Receive Raw Logs
• D. External Event Receive Agents

Answer: A

NEW QUESTION 9
What are the four categories of incidents?

• A. Devices, users, high risk, and low risk
• B. Performance, availability, security, and change
• C. Performance, devices, high risk, and low risk
• D. Security, change, high risk, and low risk

Answer: B

NEW QUESTION 10
What operating system is FortiSIEM based on?

• A. Cent OS
• B. Microsoft Windows
• C. RedHat
• D. Ubuntu

Answer: A

NEW QUESTION 11
Device discovery information is stored in which database?

• A. CMDB
• B. Profile DB
• C. Event DB
• D. SVN DB

Answer: A

NEW QUESTION 12
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

• A. Through GUI log discovery
• B. Through syslog discovery
• C. Using the pull events method
• D. Through auto log discovery

Answer: A

NEW QUESTION 13
Refer to the exhibit.

Three events are collected over a 10-minutc time period from two servers Server A and Server B. Based on the settings being used for the rule subpattern. how many incidents will the servers generate?

• A. Server A will not generate any incidents and Server B will not generate any incidents
• B. Server A will generate one incident and Server B wifl generate one incident
• C. Server A will generate one incident and Server B will not generate any incidents
• D. Server B will generate one incident and Server A will not generate any incidents

Answer: A

NEW QUESTION 14
......