Fortinet NSE5_FSM-5.2 Exam Questions Instant Access

Question 1

What are the four possible incident status values?

AActive, dosed, cleared, open

BActive, cleared, cleared manually, system cleared

CActive, closed, manual, resolved

DActive, auto cleared, manual, false positive

Answer : C

Question 2

Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp . However, the administrator is getting no results from the search.

Based on the selected filters shown in the exhibit, why are there no search results?

AThe keyword is case sensitive Instead of typing TCP in the Value field. the administrator should type tcp.

BIn the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the lime period The time period should be 24 hours.

CThe administrator selected - in the Operator column That a the wrong operator.

DThe administrator selected AND in the Next drop-down list. This is the wrong boolean operator.

Answer : C

Question 3

Which FortiSIEM components can do performance availability and performance monitoring?

ASupervisor, worker, and collector

BSupervisor and workers only

CSupervisor only

DCollectors only

Answer : A

Question 4

If a performance rule is triggered repeatedly due to high CPU use. what occurs m the incident table?

AA new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.

BThe incident status changes to Repeated and the First Seen and Last Seen times are updated.

CA new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated

DThe Incident Count value increases, and the First Seen and Last Seen tomes update

Answer : A

Question 5

An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

APH_DEV_MON_PROC_STOP

BPostfix-Mail-Slop

CGeneric_SMTP_Process_Exit

DPH_DEV_MON_SMTP_STOP

Answer : A

Question 6

What are the four categories of incidents?

ADevices, users, high risk, and low risk

BPerformance, availability, security, and change

CPerformance, devices, high risk, and low risk

DSecurity, change, high risk, and low risk

Answer : B

Question 7

In FotiSlEM enterprise licensing mode, if the link between the collector and data center FortiSlEM cluster a down what happens?

AThe collector drops incoming events like syslog. but slops performance collection

BThe collector continues performance collection of devices, but stops receiving syslog

CThe collector buffers events

DThe collector processes stop, and events are dropped

Answer : D

Fortinet NSE 5 - FortiSIEM 5.2 NSE5_FSM-5.2 Exam Questions