Fortinet NSE5_FSM-5.2 Exam Practice Test Instant Access

Question 1

Which two FortiSIEM components work together to provide real-time event correlation?

ACollector and Windows agent

BSupervisor and worker

CWorker and collector

DSupervisor and collector

Answer : D

Question 2

If a performance rule is triggered repeatedly due to high CPU use. what occurs m the incident table?

AA new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.

BThe incident status changes to Repeated and the First Seen and Last Seen times are updated.

CA new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated

DThe Incident Count value increases, and the First Seen and Last Seen tomes update

Answer : A

Question 3

Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?

AProfile DB

BEvent DB

CCMDB

DSVN DB

Answer : A

Question 4

Which process converts Raw log data to structured data?

AData enrichment

BData classification

CData parsing

DData validation

Answer : C

Question 5

If an incident's status is Cleared, what does this mean?

ATwo hours have passed since the incident occurred and the incident has not reoccurred.

BA clear condition set on a rule was satisfied.

CA security rule issue has been resolved.

DThe incident was cleared by an operator.

Answer : B

Question 6

Which FortiSIEM components are capable of performing device discovery?

AFortiSIEM Windows agent

BWorker

CFortiSIEM Linux agent

DCollector

Answer : D

Question 7

What are the four categories of incidents?

ADevices, users, high risk, and low risk

BPerformance, availability, security, and change

CPerformance, devices, high risk, and low risk

DSecurity, change, high risk, and low risk

Answer : B

Fortinet NSE 5 - FortiSIEM 5.2 NSE5_FSM-5.2 Exam Practice Test