To determine whether or not syslog is being received from a network device, which is the best command from the backend?
A. tcpdump
B. phDeviceTest
C. netcat
D. phSyslogRecorder
To determine SNMP discovery issues, which is the best command from the backend?
A. snmpwalk
B. phSNMPTest
C. snmptest
D. ssh
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?
A. PH_DEV_MON_PROC_STOP
B. Postfix-Mail-Slop
C. Generic_SMTP_Process_Exit
D. PH_DEV_MON_SMTP_STOP
What is the best discovery scan option for a network environment where ping is disabled on all network devices?
A. Smart scan
B. Range scan
C. CMDB scan
D. L2 scan
Which command displays the Linux agent status?
A. Service fsm-linux-agent status
B. Service Ao-linux-agent status
C. Service fortisiem-linux-agent status
D. Service linux-agent status
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully. As shown in the exhibit, why are some of the fields highlighted in red?
A. The Event Receive Time attribute is not available for logs.
B. The attribute COUNT(Matched event) is an invalid expression.
C. Unique attributes cannot be grouped.
D. No RAW Event Log attribute is available for devices.
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?
A. 16GB RAM
B. 32GB RAM
C. 64GB RAM
D. 24GB RAM
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters to view events received from agents only?
A. External Event Receive Protocol
B. Event Received Proto Agents
C. External Event Receive Raw Logs
D. External Event Receive Agents
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?
A. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
B. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
C. The administrator selected - in the Operator column. That is the wrong operator.
D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?
A. Profile DB
B. Event DB
C. CMDB
D. SVN DB