Fortinet NSE5_FSM-5.2 Exam Questions Instant Access

Question 1

Which FortiSIEM components can do performance availability and performance monitoring?

ASupervisor, worker, and collector

BSupervisor and workers only

CSupervisor only

DCollectors only

Answer : A

Question 2

A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

ACMDBReportConditions

BDataConditions

CUI Access

Answer : B

Question 3

Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

AA yellow star indicates that a metric was applied during discovery, and data has been collected successfully

BA yellow star indicates that a metric was applied during discovery, but data collection has not started

CA yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.

DA yellow star indicates that a metric was not applied during discovery and, therefore, FortiSEIM was unable to collect data.

Answer : B

Question 4

Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.

Which is the correct expression?

AMatched Events COUNT()

BMatched Events(COUNT)

CCOUNT(Matched Events)

D(COUNT) Matched Events

Answer : C

Question 5

An administrator wants to search for events received from Linux and Windows agents.

Which attribute should the administrator use in search filters, to view events received from agents only.

AExternal Event Receive Protocol

BEvent Received Proto Agents

CExternal Event Receive Raw Logs

DExternal Event Receive Agents

Answer : A

Question 6

Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

ASeven results will be displayed.

BThere results will be displayed.

CUnique attribute cannot be grouped.

DFive results will be displayed.

Answer : D

Question 7

What are the four possible incident status values?

AActive, dosed, cleared, open

BActive, cleared, cleared manually, system cleared

CActive, closed, manual, resolved

DActive, auto cleared, manual, false positive

Answer : C

Fortinet NSE 5 - FortiSIEM 5.2 NSE5_FSM-5.2 Exam Questions