What is a prerequisite for FortiSIEM Linux agent installation?
A. The web server must be installed on the Linux server being monitored
B. The auditd service must be installed on the Linux server being monitored
C. The Linux agent manager server must be installed.
D. Both the web server and the audit service must be installed on the Linux server being monitored
Which FortiSIEM components are capable of performing device discovery?
A. FortiSIEM Windows agent
B. Worker
C. FortiSIEM Linux agent
D. Collector
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?
A. CMDB Report Conditions
B. Data Conditions
C. UI Access
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)
A. UDP 9999
B. UDP 162
C. TCP 514
D. UDP 514
E. TCP 1470
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?
A. PH_DEV_MON_PROC_STOP
B. Postfix-Mail-Stop
C. Generic_SMTP_Process_Exit
D. PH_DEV_MON_SMTP_STOP
What are the four possible incident status values?
A. Active, closed, cleared, open
B. Active, cleared, cleared manually, system cleared
C. Active, closed, manual, resolved
D. Active, auto cleared, manual, false positive
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
A. Time Window
B. Aggregation
C. Group By
D. Filters
What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?
A. The CMDB database must be on NFS
B. The event database must be on NFS
C. The event database must be on a local disk
D. The \archive mount must be on a local disk
Which protocol is almost always required for the FortiSIEM GUI discovery process?
A. SNMP
B. WMI
C. Syslog
D. Telnet
Refer to the exhibit.
A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?
A. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
B. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
C. The administrator selected - in the Operator column. That is the wrong operator.
D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.