Fortinet NSE5_FSM-5.2 Exam Questions Instant Access

Question 1

Refer to the exhibit.

A FortiSlEM administrator wants to group some attributes for a report, but is not able to do so successfully.

As shown in the exhibit, why are some of the fields highlighted in red?

AThe Event Receive Time attribute is not available for logs.

BThe attribute COUNT(Matched event) is an invalid expression.

CUnique attributes cannot be grouped.

DNo RAW Event Log attribute is available for devices.

Answer : C

Question 2

In the advanced analytical rules engine in FortiSIEM, multiple subpatterms can be referenced using which three operation?(Choose three.)

AELSE

BNOT

CFOLLOWED_BY

DOR

EAND

Answer : A, B, E

Question 3

Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

ASeven results will be displayed.

BThere results will be displayed.

CUnique attribute cannot be grouped.

DFive results will be displayed.

Answer : D

Question 4

To determine SNMP discovery issues, which is the best command from the backend?

Asnmpwalk

BphSNMPTest

Csnmptest

Dssh

Answer : A

Question 5

Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

AThrough GUI log discovery

BThrough syslog discovery

CUsing the pull events method

DThrough auto log discovery

Answer : A

Question 6

Which two FortiSIEM components work together to provide real-time event correlation?

ACollector and Windows agent

BSupervisor and worker

CWorker and collector

DSupervisor and collector

Answer : D

Question 7

Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

AEight results will be displayed

BFour results will be displayed

CTwo results will be displayed

DUnique attributes cannot be grouped

Answer : D

Fortinet NSE 5 - FortiSIEM 5.2 NSE5_FSM-5.2 Exam Questions