NSE5_FSM-5.2 | What Downloadable NSE5_FSM-5.2 Braindumps Is

NEW QUESTION 1
What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

• A. The CMDB database must be on NFS
• B. The event database must be on NFS
• C. The event database must be on a local disk
• D. The \archive mount must be on a local disk

Answer: B

NEW QUESTION 2
Device discovery information is stored in which database?

• A. CMDB
• B. Profile DB
• C. Event DB
• D. SVN DB

Answer: A

NEW QUESTION 3
In FotiSlEM enterprise licensing mode, if the link between the collector and data center FortiSlEM cluster a down what happens?

• A. The collector drops incoming events like syslo
• B. but slops performance collection
• C. The collector continues performance collection of devices, but stops receiving syslog
• D. The collector buffers events
• E. The collector processes stop, and events are dropped

Answer: D

NEW QUESTION 4
Which FortiSIEM components are capable of performing device discovery?

• A. FortiSIEM Windows agent
• B. Worker
• C. FortiSIEM Linux agent
• D. Collector

Answer: D

NEW QUESTION 5
What protocol can be used to collect Windows event logs in an agentless method?

• A. SSH
• B. SNMP
• C. WMI
• D. SMTP

Answer: C

NEW QUESTION 6
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

• A. Eight results will be displayed
• B. Four results will be displayed
• C. Two results will be displayed
• D. Unique attributes cannot be grouped

Answer: D

NEW QUESTION 7
To determine whether or not syslog is being received from a network device, which is the best command from the backend?

• A. tcpdump
• B. phDeviceTest
• C. netcat
• D. phSyslogRecorder

Answer: A

NEW QUESTION 8
Which two export methods are available for FortiSIEM analytics results? (Choose two.)

• A. CSV
• B. PNG
• C. HTML
• D. PDF

Answer: AD

NEW QUESTION 9
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server
Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

• A. TELNET
• B. WMI
• C. LDAPS
• D. LDAP start TLS

Answer: A

NEW QUESTION 10
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

• A. UDP9999
• B. UDP 162
• C. TCP 514
• D. UDP 514
• E. TCP 1470

Answer: CDE

NEW QUESTION 11
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

• A. CMDB Report Conditions
• B. Data Conditions
• C. UI Access

Answer: B

NEW QUESTION 12
Which item is required to register a FortiSIEM appliance license?

• A. Static storage
• B. Static MAC address
• C. Static IP address
• D. Static Hardware ID

Answer: D

NEW QUESTION 13
If a performance rule is triggered repeatedly due to high CPU use. what occurs m the incident table?

• A. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
• B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
• C. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated
• D. The Incident Count value increases, and the First Seen and Last Seen tomes update

Answer: A

NEW QUESTION 14
......