Fortinet NSE 5 - FortiSIEM 6.3 NSE5_FSM-6.3 Exam Practice Test

Page: 1 / 14
Total 63 questions
Question 1

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?



Answer : C

Incident Management in FortiSIEM: FortiSIEM tracks incidents and their occurrences to help administrators manage and respond to recurring issues.

Performance Rule Triggering: When a performance rule, such as one for high CPU usage, is repeatedly triggered, FortiSIEM updates the corresponding incident rather than creating a new one each time.

Incident Table Updates:

Incident Count: The Incident Count value increases each time the rule is triggered, indicating how many times the incident has occurred.

First Seen and Last Seen Times: These timestamps are updated to reflect the first occurrence and the most recent occurrence of the incident.

Reference: FortiSIEM 6.3 User Guide, Incident Management section, explains how FortiSIEM handles recurring incidents and updates the incident table accordingly.


Question 2

What action must you take to produce a report that indicates which OS version the Windows servers in your environment are running on?



Answer : B


Question 3

Refer to the exhibits.

Three events are collected over a 10-minute time period from two servers: Server A and Server B.

Based on the settings tor the rule subpattern. how many incidents will the servers generate?



Answer : D

Event Collection Overview: The exhibits show three events collected over a 10-minute period from two servers, Server A and Server B.

Rule Subpattern Settings: The rule subpattern specifies two conditions:

AVG(CPU Util) > DeviceToCMDBAttr(Host IP : Server CPU Util Critical Threshold): This checks if the average CPU utilization exceeds the critical threshold defined for each server.

COUNT(Matched Events) >= 2: This requires at least two matching events within the specified period.

Server A Analysis:

Events: Three events (CPU=90, CPU=90, CPU=95).

Average CPU Utilization: (90+90+95)/3 = 91.67, which exceeds the critical threshold of 90.

Matched Events Count: 3, which meets the condition of being greater than or equal to 2.

Incident Generation: Server A meets both conditions, so it generates one incident.

Server B Analysis:

Events: Three events (CPU=70, CPU=50, CPU=60).

Average CPU Utilization: (70+50+60)/3 = 60, which does not exceed the critical threshold of 90.

Matched Events Count: 3, but since the average CPU utilization condition is not met, no incident is generated.

Conclusion: Based on the rule subpattern, Server A will generate one incident, and Server B will not generate any incidents.

Reference: FortiSIEM 6.3 User Guide, Event Correlation Rules and Incident Management sections, which explain how incidents are generated based on rule subpatterns and event conditions.


Question 4

Refer to the exhibit.

What does the pauso icon indicate?



Answer : D

Data Collection Status: FortiSIEM displays various icons to indicate the status of data collection for different devices.

Pause Icon: The pause icon specifically indicates that data collection is paused, but this can happen due to several reasons.

Common Cause for Pausing: One common cause for pausing data collection is an issue such as a change of password, which prevents the system from authenticating and collecting data.

Exhibit Analysis: In the provided exhibit, the presence of the pause icon next to the device suggests that data collection has encountered an issue that has caused it to pause.

Reference: FortiSIEM 6.3 User Guide, Device Management and Data Collection Status Icons section, which explains the different icons and their meanings.


Question 5

If FortiSIEM supervisor is deployed with the worker using the proprietary flat file database, which action is required?



Answer : A


Question 6

Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?



Answer : B

Monitor Column Indicators: In FortiSIEM, the Monitor column displays the status of various metrics applied during the discovery process.

Yellow Star Meaning: A yellow star next to a metric indicates that the metric was successfully applied during discovery and data has been collected for that metric.

Successful Data Collection: This visual indicator helps administrators quickly identify which metrics are active and have data available for analysis.

Reference: FortiSIEM 6.3 User Guide, Device Monitoring section, which explains the significance of different icons and indicators in the Monitor column.


Question 7

What does the Frequency field determine on a rule?



Answer : C

Rule Evaluation in FortiSIEM: Rules in FortiSIEM are evaluated periodically to check if the defined conditions or subpatterns are met.

Frequency Field: The Frequency field in a rule determines the interval at which the rule's subpattern will be evaluated.

Evaluation Interval: This defines how often the system will check the incoming events against the rule's subpattern to determine if an incident should be triggered.

Impact on Performance: Setting an appropriate frequency is crucial to balance between timely detection of incidents and system performance.

Examples:

If the Frequency is set to 5 minutes, the rule will evaluate the subpattern every 5 minutes.

This means that every 5 minutes, the system will check if the conditions defined in the subpattern are met by the incoming events.

Reference: FortiSIEM 6.3 User Guide, Rules and Incidents section, which explains the Frequency field and how it impacts the evaluation of subpatterns in rules.


Page:    1 / 14   
Total 63 questions