The Secret Of Fortinet NSE5_FSM-5.2 Dumps

NEW QUESTION 1
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

• A. Seven results will be displayed.
• B. There results will be displayed.
• C. Unique attribute cannot be grouped.
• D. Five results will be displayed.

Answer: D

NEW QUESTION 2
What is the best discovery scan option for a network environment where ping is disabled on all network devices?

• A. Smart scan
• B. Range scan
• C. CMDB scan
• D. L2 scan

Answer: A

NEW QUESTION 3
What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

• A. The CMDB database must be on NFS
• B. The event database must be on NFS
• C. The event database must be on a local disk
• D. The \archive mount must be on a local disk

Answer: B

NEW QUESTION 4
Refer to the exhibit.

A FortiSlEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

• A. The Event Receive Time attribute is not available for logs.
• B. The attribute COUNT(Matched event) is an invalid expression.
• C. Unique attributes cannot be grouped.
• D. No RAW Event Log attribute is available for devices.

Answer: C

NEW QUESTION 5
Which command displays the Linux agent status?

• A. Service fsm-linux-agent status
• B. Service Ao-linux-agent status
• C. Service fortisiem-linux-agent status
• D. Service linux-agent status

Answer: C

NEW QUESTION 6
Which process converts Raw log data to structured data?

• A. Data enrichment
• B. Data classification
• C. Data parsing
• D. Data validation

Answer: C

NEW QUESTION 7
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

• A. UDP9999
• B. UDP 162
• C. TCP 514
• D. UDP 514
• E. TCP 1470

Answer: CDE

NEW QUESTION 8
To determine whether or not syslog is being received from a network device, which is the best command from the backend?

• A. tcpdump
• B. phDeviceTest
• C. netcat
• D. phSyslogRecorder

Answer: A

NEW QUESTION 9
Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

• A. Matched Events COUNT()
• B. Matched Events(COUNT)
• C. COUNT(Matched Events)
• D. (COUNT) Matched Events

Answer: C

NEW QUESTION 10
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

• A. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully
• B. A yellow star indicates that a metric was applied during discovery, but data collection has not started
• C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
• D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSEIM was unable to collect data.

Answer: B

NEW QUESTION 11
In the advanced analytical rules engine in FortiSIEM, multiple subpatterms can be referenced using which three operation?(Choose three.)

• A. ELSE
• B. NOT
• C. FOLLOWED_BY
• D. OR
• E. AND

Answer: ABE

NEW QUESTION 12
Which protocol is almost always required for the FortiSIEM GUI discovery process?

• A. SNMP
• B. WMI
• C. Syslog
• D. Telnet

Answer: A

NEW QUESTION 13
Which item is required to register a FortiSIEM appliance license?

• A. Static storage
• B. Static MAC address
• C. Static IP address
• D. Static Hardware ID

Answer: D

NEW QUESTION 14
......