NSE5_FSM-5.2 Online Practice Questions and Answers

To determine whether or not syslog is being received from a network device, which is the best command from the backend?

A. tcpdump

B. phDeviceTest

C. netcat

D. phSyslogRecorder

What protocol can be used to collect Windows event logs in an agentless method?

A. SSH

B. SNMP

C. WMI

D. SMTP

If the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?

A. Down status is assigned because of packet loss.

B. Up status is assigned because of received packets

C. Critical status is assigned because of reduction in number of packets received

D. Degraded status is assigned because of packet loss

A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

A. CMDB Report Conditions

B. Data Conditions

C. UI Access

To determine SNMP discovery issues, which is the best command from the backend?

A. snmpwalk

B. phSNMPTest

C. snmptest

D. ssh

An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

A. PH_DEV_MON_PROC_STOP

B. Postfix-Mail-Slop

C. Generic_SMTP_Process_Exit

D. PH_DEV_MON_SMTP_STOP

What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

A. The CMDB database must be on NFS

B. The event database must be on NFS

C. The event database must be on a local disk

D. The \archive mount must be on a local disk

Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.

Which is the correct expression?

A. Matched Events COUNT()

B. Matched Events(COUNT)

C. COUNT(Matched Events)

D. (COUNT) Matched Events

If an incident's status is Cleared, what does this mean?

A. Two hours have passed since the incident occurred and the incident has not reoccurred.

B. A clear condition set on a rule was satisfied.

C. A security rule issue has been resolved.

D. The incident was cleared by an operator.

Device discovery information is stored in which database?

A. CMDB

B. Profile DB

C. Event DB

D. SVN DB