Updated Apr-2023 100% Cover Real NSE5_FSM-5.2 Exam Questions Make Sure You 100% Pass [Q22-Q43]

NSE5_FSM-5.2 dumps Accurate Questions and Answers with Free and Fast Updates

NEW QUESTION 22
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. LDAPS
  • B. TELNET
  • C. LDAP start TLS
  • D. WMI

Answer: B

 

NEW QUESTION 23
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. No RAW Event Log attribute is available for devices.
  • B. The attribute COUNT(Matched event) is an invalid expression.
  • C. The Event Receive Time attribute is not available for logs.
  • D. Unique attributes cannot be grouped.

Answer: D

 

NEW QUESTION 24
What is a prerequisite for FortiSIEM Linux agent installation?

  • A. Both the web server and the audit service must be installed on the Linux server being monitored.
  • B. The auditd service must be installed on the Linux server being monitored.
  • C. The Linux agent manager server must be installed.
  • D. The web server must be installed on the Linux server being monitored.

Answer: A

 

NEW QUESTION 25
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. UDP 9999
  • B. TCP 1470
  • C. TCP 514
  • D. UDP 514
  • E. UDP 162

Answer: B,C,D

 

NEW QUESTION 26
Device discovery information is stored in which database?

  • A. Profile DB
  • B. SVN DB
  • C. CMDB
  • D. Event DB

Answer: C

 

NEW QUESTION 27
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Unique attributes cannot be grouped
  • B. Two results will be displayed
  • C. Eight results will be displayed
  • D. Four results will be displayed

Answer: A

 

NEW QUESTION 28
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters to view events received from agents only?

  • A. External Event Receive Protocol
  • B. External Event Receive Raw Logs
  • C. Event Received Proto Agents
  • D. External Event Receive Agents

Answer: A

 

NEW QUESTION 29
To determine SNMP discovery issues, which is the best command from the backend?

  • A. snmptest
  • B. ssh
  • C. phSNMPTest
  • D. snmpwalk

Answer: D

 

NEW QUESTION 30
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.
  • B. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
  • C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
  • D. A yellow star indicates that a metric was applied during discovery, but data collection has not started.

Answer: A

 

NEW QUESTION 31
A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?

  • A. Collector
  • B. Agent
  • C. Worker
  • D. Supervisor

Answer: C

 

NEW QUESTION 32
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. No RAW Event Log attribute is available for devices.
  • B. The attribute COUNT(Matched event) is an invalid expression.
  • C. The Event Receive Time attribute is not available for logs.
  • D. Unique attributes cannot be grouped.

Answer: D

 

NEW QUESTION 33
What protocol can be used to collect Windows event logs in an agentless method?

  • A. WMI
  • B. SSH
  • C. SNMP
  • D. SMTP

Answer: A

 

NEW QUESTION 34
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

  • A. 64GB RAM
  • B. 24GB RAM
  • C. 16GB RAM
  • D. 32GB RAM

Answer: B

 

NEW QUESTION 35
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.
  • B. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
  • C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
  • D. A yellow star indicates that a metric was applied during discovery, but data collection has not started.

Answer: D

 

NEW QUESTION 36
What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

  • A. The event database must be on a local disk
  • B. The event database must be on NFS
  • C. The \archive mount must be on a local disk
  • D. The CMDB database must be on NFS

Answer: B

 

NEW QUESTION 37
Which discovery scan type is prone to miss a device if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?

  • A. Smart scan
  • B. CMDB scan
  • C. L2 scan
  • D. Range scan

Answer: A

 

NEW QUESTION 38
Refer to the exhibit.

An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. Matched Events(COUNT)
  • B. COUNT(Matched Events)
  • C. (COUNT) Matched Events
  • D. Matched Events COUNT()

Answer: B

 

NEW QUESTION 39
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Through syslog discovery
  • B. Through auto log discovery
  • C. Using the pull events method
  • D. Through GUI log discovery

Answer: D

 

NEW QUESTION 40
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Three results will be displayed.
  • B. Five results will be displayed.
  • C. Seven results will be displayed.
  • D. Unique attribute cannot be grouped.

Answer: B

 

NEW QUESTION 41
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Through syslog discovery
  • B. Through auto log discovery
  • C. Using the pull events method
  • D. Through GUI log discovery

Answer: D

 

NEW QUESTION 42
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?

  • A. CMDB
  • B. Profile DB
  • C. SVN DB
  • D. Event DB

Answer: D

 

NEW QUESTION 43
......

Real NSE5_FSM-5.2 Questions Pass Certification Exams Easily: https://pass4sure.guidetorrent.com/NSE5_FSM-5.2-dumps-questions.html