Fortinet NSE5_FSM-6.3 Dumps

Fortinet NSE 5 - FortiSIEM 6.3 Questions and Answers

Question 1

Refer to the exhibit.

Which value will FortiSIEM use to populate the Event Type field?

Options:

A.

PHL_INFO

B.

phPerfJob

C.

PH_DSV_MON_SYS_DISK_UTIL

D.

diskUtil

Question 2

Refer to the exhibit.

If events are grouped by User, Source IP, and Application Category attributes in FortiSIEM, how many results will be displayed?

Options:

A.

Three results will be displayed.

B.

Five results will be displayed.

C.

No results will be displayed.

D.

Seven results will be displayed.

Question 3

An administrator defines SMTP as a critical process on a Linux server.

If the SMTP process is stopped, FortiSIEM will generate a critical event with which event type?

Options:

A.

Postfix-Mail-Stop

B.

PH_DEV_MON_PROC_STOP

C.

PH_DEV_MON_SMTP_STOP

D.

Generic_SMTP_Process_Exit

Question 4

Which FortiSIEM components are capable of performing device discovery?

Options:

A.

FortiSIEM Windows agent

B.

Worker

C.

FortiSIEM Linux agent

D.

Collector

Question 5

Refer to the exhibit.

What does the pause icon indicate?

Options:

A.

Data collection is paused after the intervals shown for metrics.

B.

Data collection has not started.

C.

Data collection execution failed because the device is not reachable.

D.

Data collection is paused due to an issue, such as a change of password.

Question 6

Which process converts raw log data to structured data?

Options:

A.

Data classification

B.

Data validation

C.

Data parsing

D.

Data enrichment

Question 7

An administrator is using SNMP and WMI credentials to discover a Windows device. How will the WMI method handle this?

Options:

A.

WMI method will collect only traffic and IIS logs.

B.

WMI method will collect only DNS logs.

C.

WMI method will collect only DHCP logs.

D.

WMI method will collect security, application, and system events logs.

Question 8

If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?

Options:

A.

Up status is assigned because of received packets.

B.

Critical status is assigned because of reduction in number of packets received.

C.

Degraded status is assigned because of packet loss.

D.

Down status is assigned because of packet loss.

Question 9

Refer to the exhibit.

An administrator is investigating a FortiSIEM license issue.

The procedure is for which offline licensing condition?

Options:

A.

The procedure is for offline license debug.

B.

The procedure is for offline license registration.

C.

The procedure is for offline license validation.

D.

The procedure is for offline license verification.

Question 10

Which FortiSIEM components can do performance availability and performance monitoring?

Options:

A.

Supervisor, worker, and collector

B.

Supervisor and workers only

C.

Supervisor only

D.

Collectors only

Question 11

How is a subpattern for a rule defined?

Options:

A.

Filters, Aggregation, Group by definitions

B.

Filters, Group By definitions, Threshold

C.

Filters, Threshold, Time Window definitions

D.

Filters, Aggregation, Time Window definitions

Question 12

If an incident’s status is Cleared, what does this mean?

Options:

A.

Two hours have passed since the incident occurred and the incident has not reoccurred.

B.

A clear condition set on a rule was satisfied.

C.

A security rule issue has been resolved.

D.

The incident was cleared by an operator.

Question 13

A customer is experiencing slow performance while executing long, ad hoc analytic searches. Which FortiSIEM component can make the searches run faster?

Options:

A.

Correlation worker

B.

Event worker

C.

Storage worker

D.

Query worker

Question 14

Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.

Based on the selected filters shown in the exhibit, why are there no search results?

Options:

A.

The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.

B.

In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.

C.

The administrator selected - in the Operator column. That is the wrong operator.

D.

The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.

Question 15

An administrator is configuring FortiSIEM to discover network devices and receive syslog from network devices. Which statement is correct?

Options:

A.

FortiSIEM uses privileged credentials to log in to devices and make network configuration changes.

B.

FortiSIEM automatically configures network devices to send syslog using the auto log discovery process.

C.

FortiSIEM automatically configures network devices to send syslog using the GUI discovery process.

D.

Syslog configuration must be done manually on devices by the network administrator.