ExamGecko
Search Search Login
Home Home / Fortinet / NSE5_FSM-6.3
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is using SNMP and WMI credentials to discover a Windows device. How will the WMI method handle this?
Refer to the exhibit. A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
Which command displays the Linux agent status?
What are the four possible incident status values?
Refer to the exhibit. If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
Where do you configure rule notifications and automated remediation on FortiSIEM?
What are the four categories of incidents?
IF the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?
Refer to the exhibit. Which value will FortiSIEM use to populate the Event Type field?

Question 23 - NSE5_FSM-6.3 discussion

Report
Export

In FortiSIEM enterprise licensing mode, it the link between the collector and data center FortiSlEM cluster is down, what happens?

A.
The collector drops incoming events like syslog. but stops performance collection.
Answers
A.
The collector drops incoming events like syslog. but stops performance collection.
B.
The collector processes stop, and events ate dropped.
Answers
B.
The collector processes stop, and events ate dropped.
C.
The collector continues performance collection of devices, but slops receiving syslog.
Answers
C.
The collector continues performance collection of devices, but slops receiving syslog.
D.
The collector buffers events
Answers
D.
The collector buffers events
Suggested answer: C

Explanation:

Enterprise Licensing Mode: In FortiSIEM enterprise licensing mode, collectors are deployed in remote sites to gather and forward data to the central FortiSIEM cluster located in the data center.

Collector Functionality: Collectors are responsible for receiving logs, events (e.g., syslog), and performance metrics from devices.

Link Down Scenario: When the link between the collector and the FortiSIEM cluster is down, the collector needs a mechanism to ensure no data is lost during the disconnection.

Event Buffering: The collector buffers the events locally until the connection is restored, ensuring that no incoming events are lost. This buffered data is then forwarded to the FortiSIEM cluster once the link is re-established.

Reference: FortiSIEM 6.3 User Guide, Data Collection and Buffering section, explains the behavior of collectors during network disruptions.

Show Answer
asked 18/09/2024
Tatiana Castillo
29 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms