Refer to the exhibit. It events are grouped by Event Type and User attributes in FortiSIEM. how many results will be displayed?

Eight results will be displayed.

Four results will be displayed.

Eight results will be displayed.

Which FortiSIEM components can do performance availability and performance monitoring?

Supervisor, worker, and collector

Which command displays the Linux agent status?

Service fortisiem-linux-agent status

Refer to the exhibit. If events are grouped by User. Source IP. and Application Category attributes in FortiSiEM. how many results will be displayed?

Five results will be displayed.

Three results will be displayed.

Five results will be displayed.

Seven results will be displayed.

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

The Incident Count value increases, and the First Seen and Last Seen times update.

A now incident is created each time the rule is triggered. and the First Seen and Last Seen times are updated.

A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times ate updated.

The Incident Count value increases, and the First Seen and Last Seen times update.

The incident status changes to Repeated, and the First Seen and Last Seen times are updated.

Refer to the exhibits. Three events are collected over a 10-minute time period from two servers: Server A and Server B.Based on the settings tor the rule subpattern. how many incidents will the servers generate?

Server A will not generate any incidents and Server B will not generate any incidents.

Server A will generate one incident and Server B will generate one incident.

Server A will generate one incident and Server B will not generate any incidents.

Server B will generate one incident and Server A will not generate any incidents.

Server A will not generate any incidents and Server B will not generate any incidents.

When configuring collectors located in geographically separated sites, what ports must be open on a front end firewall?

HTTPS, from the collector to the supervisor and worker upload settings addresses

HTTPS, from the collector to the worker upload settings address only

HTTPS, from the collector to the supervisor and worker upload settings addresses

HTTPS, from the Internet to the collector

HTTPS, from the Internet to the collector and from the collector to the FortiSIEM cluster

Refer to the exhibit. What does the pauso icon indicate?

Data collection is paused duo to an issue, such as a change of password.

Data collection is paused after the intervals shown for metrics.

Data collection has not started.

Data collection execution failed because the device is not reachable.

Data collection is paused duo to an issue, such as a change of password.

Refer to the exhibit. A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.As shown in the exhibit, why are some of the fields highlighted in red?

Unique attributes cannot be grouped.

The Event Receive Time attribute is not available for logs.

The attribute COUNT(Matched events) is an invalid expression.

No RAW Event Log attribute is available for devices.

Refer to the exhibit. An administrator is investigating a FortiSIEM license issue.The procedure is for which offline licensing condition?

The procedure is for offline license registration.

The procedure is for offline license debug.

The procedure is for offline license registration.

The procedure is for offline license validation.

The procedure is for offline license verification.

Which FortiSIEM feature must you use to produce a report on which FortiGate devices in your environment are running which firmware version?

Run a query using the Inventory tab.

Which statement about global thresholds and per device thresholds is true?

FortiSIEM uses global and per device thresholds tor all performance metrics.

FortiSIEM uses global thresholds for all performance metrics.

FortiSIEM uses fixed hardcoded thresholds for all performance metrics.

FortiSIEM uses global thresholds for all security metrics.

In FortiSIEM enterprise licensing mode, it the link between the collector and data center FortiSlEM cluster is down, what happens?

The collector continues performance collection of devices, but slops receiving syslog.

The collector drops incoming events like syslog. but stops performance collection.

The collector processes stop, and events ate dropped.

The collector continues performance collection of devices, but slops receiving syslog.

FortiSIEM is deployed in disaster recovery mode.When disaster strikes, which two tasks must you perform manually to achieve a successful disaster recovery operation? (Choose two.)

Promote the secondary workers to the primary rotes using the phSecworker2priworker command.

Change the DNS configuration to ensure that users, devices, and collectors log in to the secondary FortiSIEM.

Promote the secondary workers to the primary rotes using the phSecworker2priworker command.

Promote the secondary supervisor to the primary role using the phSecondary2primary command.

Change the DNS configuration to ensure that users, devices, and collectors log in to the secondary FortiSIEM.

Change the configuration for shared storage NFS configured for EventDB to the secondary FortiSIEM.

IF the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?

Critical status is assigned because of reduction in number of packets received.

Up status is assigned because of received packets.

Critical status is assigned because of reduction in number of packets received.

Degraded status is assigned because of packet loss

Down status is assigned because of packet loss.

An administrator wants to search for events received from Linux and Windows agents.Which attribute should the administrator use in search filters, to view events received from agents only.

External Event Receive Protocol

External Event Receive Raw Logs

How is a subpattern for a rule defined?

Filters, Threshold, Time Window definitions

Filters, Aggregation, Group by definitions

Filters, Group By definitions, Threshold

Filters, Threshold, Time Window definitions

Filters, Aggregation, Time Window definitions

What are the four categories of incidents?

Performance, availability, security, and change

Devices, users, high risk, and low risk

Performance, devices, high risk, and low risk

Performance, availability, security, and change

Security, change, high risk, and low risk

Refer to the exhibit. The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search.Based on the selected filters shown in the exhibit, why is the search returning no results?

The wrong boolean operator is selected in the Next column.

The wrong option is selected in the Operator column.

An invalid IP subnet is typed in the Value column.

An administrator is using SNMP and WMI credentials to discover a Windows device. How will the WMI method handle this?

WMI method will collect only traffic and IIS logs.

WMI method will collect only DNS logs.

WMI method will collect only DHCP logs.

WMI method will collect security, application, and system events logs.

What does the Frequency field determine on a rule?

How often the rule will trigger for the same condition.

How often the rule will evaluate the subpattern.

How often the rule will trigger for the same condition.

How often the rule will trigger.

How often the rule will take a clear action.

Which is a requirement for implementing FortiSIEM disaster recovery?

DNS names must be used for the worker upload addresses.

All worker nodes must access both supervisor nodes using IP.

SNMP, and WMI ports must be open between the two supervisor nodes.

The two supervisor nodes must have layer 2 connectivity.

DNS names must be used for the worker upload addresses.

How is a subparttern for a rule defined?

Filters Aggregation Time Window definitions

Filters Aggregation. Group By definition

Filters Group By definitions. Threshold

Filters Threshold Time Window definitions

Filters Aggregation Time Window definitions

Refer to the exhibit. If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

Seven results will be displayed.

There results will be displayed.

Unique attribute cannot be grouped.

Five results will be displayed.

Fortinet NSE5_FSM-6.3 Practice Test 1 - Free Online Exam Prep & Questions

Question 1 / 40

An administrator is configuring FortiSIEM to discover network devices and receive syslog from network devices. Which statement is correct?

FortiSIEM uses privileged credentials to tog in to devices and make network configuration changes.

FortiSIEM automatically configures network devices to send syslog using the auto log discovery process.

FortiSIEM automatically configures network devices to send syslog using the GUI discovery process

Syslog configuration must be done manually on devices by the network administrator.

Comment (0)

Fortinet NSE5_FSM-6.3 Practice Test 1

Question

Fortinet NSE5_FSM-6.3 Practice Tests

Practice Tests