Fortinet NSE5_FSM-6.3 Exam Practice Test Instant Access

Question 1

If FortiSIEM supervisor is deployed with the worker using the proprietary flat file database, which action is required?

AAn event database must be placed on NFS

BCollectors must be deployed

CA FortiSIEM service provider license must be obtained

DA separate network interface must be used for the storage network

Answer : A

Question 2

Refer to the exhibit.

What does the pauso icon indicate?

AData collection is paused after the intervals shown for metrics.

BData collection has not started.

CData collection execution failed because the device is not reachable.

DData collection is paused duo to an issue, such as a change of password.

Answer : D

Data Collection Status: FortiSIEM displays various icons to indicate the status of data collection for different devices.

Pause Icon: The pause icon specifically indicates that data collection is paused, but this can happen due to several reasons.

Common Cause for Pausing: One common cause for pausing data collection is an issue such as a change of password, which prevents the system from authenticating and collecting data.

Exhibit Analysis: In the provided exhibit, the presence of the pause icon next to the device suggests that data collection has encountered an issue that has caused it to pause.

Reference: FortiSIEM 6.3 User Guide, Device Management and Data Collection Status Icons section, which explains the different icons and their meanings.

Question 3

Which protocol do collectors use to communicate with a FortiSIEM cluster?

ASyslog

BSNMP

CHTTPS

DSMTP

Answer : C

Question 4

Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

AA yellow star indicates that a metric was applied during discovery, and data has been collected successfully

BA yellow star indicates that a metric was applied during discovery, but data collection has not started

CA yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.

DA yellow star indicates that a metric was not applied during discovery and, therefore, FortiSEIM was unable to collect data.

Answer : B

Monitor Column Indicators: In FortiSIEM, the Monitor column displays the status of various metrics applied during the discovery process.

Yellow Star Meaning: A yellow star next to a metric indicates that the metric was successfully applied during discovery and data has been collected for that metric.

Successful Data Collection: This visual indicator helps administrators quickly identify which metrics are active and have data available for analysis.

Reference: FortiSIEM 6.3 User Guide, Device Monitoring section, which explains the significance of different icons and indicators in the Monitor column.

Question 5

What are two tasks that you must do to make a secondary FortiSIEM device ready for disaster recovery? (Choose two.)

AConfigure the replication of CMDB database.

BConfigure the replication of license and license entitlements.

CConfigure the replication of FortiSIEM certificates.

DConfigure the replication of profile data.

Answer : A, D

Question 6

In me FortiSIEM CLI. which command must you use to determine whether or not syslog is being received from a network device?

Atcpdump

BOphSyslogRecorder

COnetcat

DphDeviceTest

Answer : A

Syslog Reception Verification: To verify whether syslog messages are being received from a network device, a network packet capture tool can be used.

tcpdump Command: tcpdump is a powerful command-line packet analyzer tool available in Unix-like operating systems. It allows administrators to capture and analyze network traffic.

Usage: By using tcpdump with the appropriate filters (e.g., port 514 for syslog), administrators can monitor the incoming syslog messages in real-time to verify if they are being received.

Example Command: tcpdump -i <interface> port 514 captures the syslog messages on the specified network interface.

Reference: FortiSIEM 6.3 User Guide, CLI Commands section, which details the usage of tcpdump for network traffic analysis and verification of syslog reception.

Question 7

Refer to the exhibit.

Which value will FortiSIEM use to populate the Connection Id field?

A33909

B134

CThe connection ID is not in the raw message.

D408228

Answer : D

Fortinet NSE 5 - FortiSIEM 6.3 NSE5_FSM-6.3 Exam Practice Test