Fortinet NSE 5 - FortiSIEM 6.3 NSE5_FSM-6.3 Exam Questions

Answer : B

Answer : D

Answer : B

Monitor Column Indicators: In FortiSIEM, the Monitor column displays the status of various metrics applied during the discovery process.

Yellow Star Meaning: A yellow star next to a metric indicates that the metric was successfully applied during discovery and data has been collected for that metric.

Successful Data Collection: This visual indicator helps administrators quickly identify which metrics are active and have data available for analysis.

Reference: FortiSIEM 6.3 User Guide, Device Monitoring section, which explains the significance of different icons and indicators in the Monitor column.

Answer : A, C

License Renewal Process: When renewing a FortiSIEM license, it is essential to provide the system ID, which uniquely identifies the FortiSIEM instance.

Commands to Retrieve System ID:

phgetHWID: This command retrieves the hardware ID of the FortiSIEM appliance.

Usage: Run the command phgetHWID in the CLI to obtain the hardware ID.

phgetUUID: This command retrieves the universally unique identifier (UUID) for the FortiSIEM system.

Usage: Run the command phgetUUID in the CLI to obtain the UUID.

Verification: Both phgetHWID and phgetUUID are valid commands for retrieving the necessary system IDs required for license renewal.

Reference: FortiSIEM 6.3 Administration Guide, Licensing section details the commands and procedures for obtaining system identification information necessary for license renewal.

Answer : A

Syslog Reception Verification: To verify whether syslog messages are being received from a network device, a network packet capture tool can be used.

tcpdump Command: tcpdump is a powerful command-line packet analyzer tool available in Unix-like operating systems. It allows administrators to capture and analyze network traffic.

Usage: By using tcpdump with the appropriate filters (e.g., port 514 for syslog), administrators can monitor the incoming syslog messages in real-time to verify if they are being received.

Example Command: tcpdump -i <interface> port 514 captures the syslog messages on the specified network interface.

Reference: FortiSIEM 6.3 User Guide, CLI Commands section, which details the usage of tcpdump for network traffic analysis and verification of syslog reception.

Answer : C

Incident Management in FortiSIEM: FortiSIEM tracks incidents and their occurrences to help administrators manage and respond to recurring issues.

Performance Rule Triggering: When a performance rule, such as one for high CPU usage, is repeatedly triggered, FortiSIEM updates the corresponding incident rather than creating a new one each time.

Incident Table Updates:

Incident Count: The Incident Count value increases each time the rule is triggered, indicating how many times the incident has occurred.

First Seen and Last Seen Times: These timestamps are updated to reflect the first occurrence and the most recent occurrence of the incident.

Reference: FortiSIEM 6.3 User Guide, Incident Management section, explains how FortiSIEM handles recurring incidents and updates the incident table accordingly.

Answer : B

FortiSIEM Architecture: In FortiSIEM, collectors gather data from various sources and send this data to supervisors and workers within the FortiSIEM architecture.

Communication Requirements: For collectors to effectively send data to the FortiSIEM system, specific communication channels must be open.

Port Usage: The primary port used for secure communication between the collectors and the FortiSIEM infrastructure is HTTPS (port 443).

Network Configuration: When configuring collectors in geographically separated sites, the HTTPS port must be open for the collectors to communicate with both the supervisor and the worker upload settings addresses. This ensures that the collected data can be securely transmitted to the appropriate processing and analysis components.

Reference: FortiSIEM 6.3 Administration Guide, Network Ports section details the necessary ports for communication within the FortiSIEM architecture.