Fortinet NSE5_FSM-6.3 Exam Practice Test Instant Access

Question 1

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

AA now incident is created each time the rule is triggered. and the First Seen and Last Seen times are updated.

BA new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times ate updated.

CThe Incident Count value increases, and the First Seen and Last Seen times update.

DThe incident status changes to Repeated, and the First Seen and Last Seen times are updated.

Answer : C

Incident Management in FortiSIEM: FortiSIEM tracks incidents and their occurrences to help administrators manage and respond to recurring issues.

Performance Rule Triggering: When a performance rule, such as one for high CPU usage, is repeatedly triggered, FortiSIEM updates the corresponding incident rather than creating a new one each time.

Incident Table Updates:

Incident Count: The Incident Count value increases each time the rule is triggered, indicating how many times the incident has occurred.

First Seen and Last Seen Times: These timestamps are updated to reflect the first occurrence and the most recent occurrence of the incident.

Reference: FortiSIEM 6.3 User Guide, Incident Management section, explains how FortiSIEM handles recurring incidents and updates the incident table accordingly.

Question 2

What are two tasks that you must do to make a secondary FortiSIEM device ready for disaster recovery? (Choose two.)

AConfigure the replication of CMDB database.

BConfigure the replication of license and license entitlements.

CConfigure the replication of FortiSIEM certificates.

DConfigure the replication of profile data.

Answer : A, D

Question 3

A customer is experiencing slow performance while executing long, adhoc analytic searches. Which FortiSIEM component can make the searches run faster?

ACorrelation worker

BEvent worker

CStorage worker

DQuery worker

Answer : D

Component Roles in FortiSIEM: Different components in FortiSIEM have specific roles and responsibilities, which contribute to the overall performance and functionality of the system.

Query Worker: The query worker component is specifically designed to handle and optimize search queries within FortiSIEM.

Function: It processes search requests and executes analytic searches efficiently, handling large volumes of data to provide quick results.

Optimization: By improving the efficiency of query execution, the query worker can significantly speed up long, ad hoc analytic searches, addressing performance issues.

Performance Impact: Utilizing the query worker ensures that searches are handled by a component optimized for such tasks, reducing the load on other components and improving overall system performance.

Reference: FortiSIEM 6.3 User Guide, System Components section, which describes the roles of different workers, including the query worker, and their impact on system performance.

Question 4

When configuring collectors located in geographically separated sites, what ports must be open on a front end firewall?

AHTTPS, from the collector to the worker upload settings address only

BHTTPS, from the collector to the supervisor and worker upload settings addresses

CHTTPS, from the Internet to the collector

DHTTPS, from the Internet to the collector and from the collector to the FortiSIEM cluster

Answer : B

FortiSIEM Architecture: In FortiSIEM, collectors gather data from various sources and send this data to supervisors and workers within the FortiSIEM architecture.

Communication Requirements: For collectors to effectively send data to the FortiSIEM system, specific communication channels must be open.

Port Usage: The primary port used for secure communication between the collectors and the FortiSIEM infrastructure is HTTPS (port 443).

Network Configuration: When configuring collectors in geographically separated sites, the HTTPS port must be open for the collectors to communicate with both the supervisor and the worker upload settings addresses. This ensures that the collected data can be securely transmitted to the appropriate processing and analysis components.

Reference: FortiSIEM 6.3 Administration Guide, Network Ports section details the necessary ports for communication within the FortiSIEM architecture.

Question 5

An administrator is investigating the slow performance of a FortiSlEM device.

Which command provides information about the CPU usage of FortiSlEM processes, disk usage, and EPS?

A./phxct1 --all

B./phstatus --a

C./phtools -a

D./phnfsstat.

Answer : B

Question 6

Refer to the exhibit.

What does the pauso icon indicate?

AData collection is paused after the intervals shown for metrics.

BData collection has not started.

CData collection execution failed because the device is not reachable.

DData collection is paused duo to an issue, such as a change of password.

Answer : D

Data Collection Status: FortiSIEM displays various icons to indicate the status of data collection for different devices.

Pause Icon: The pause icon specifically indicates that data collection is paused, but this can happen due to several reasons.

Common Cause for Pausing: One common cause for pausing data collection is an issue such as a change of password, which prevents the system from authenticating and collecting data.

Exhibit Analysis: In the provided exhibit, the presence of the pause icon next to the device suggests that data collection has encountered an issue that has caused it to pause.

Reference: FortiSIEM 6.3 User Guide, Device Management and Data Collection Status Icons section, which explains the different icons and their meanings.

Question 7

Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?

AProfile DB

BEvent DB

CCMDB

DSVN DB

Answer : A

Anomaly Data Storage: Anomaly data, including running averages and standard deviation values for different parameters such as traffic and device resource usage, is stored in a specific database.

Profile DB: The Profile DB is used to store this type of anomaly data.

Function: It maintains statistical profiles and baselines for monitored parameters, which are used to detect anomalies and deviations from normal behavior.

Significance: Storing anomaly data in the Profile DB allows FortiSIEM to perform advanced analytics and alerting based on deviations from established baselines.

Reference: FortiSIEM 6.3 User Guide, Database Architecture section, which describes the purpose and contents of the Profile DB in storing anomaly and baseline data.

Fortinet NSE5_FSM-6.3 Fortinet NSE 5 - FortiSIEM 6.3 Exam Practice Test