[Dec 08, 2021] New 2021 Fortinet NSE5_FSM-5.2 Exam Dumps with PDF from Actual4Dumps (Updated 43 Questions) [Q11-Q36]


New 2021 NSE5_FSM-5.2 exam questions. Welcome to download the newest Actual4Dumps NSE5_FSM-5.2 PDF dumps (43 Q&As).

P.S. Free 2021 NSE 5 Network Security Analyst NSE5_FSM-5.2 dumps are available on Google Drive, shared by Actual4Dumps.

NEW QUESTION 11
To determine whether or not syslog is being received from a network device, which is the best command from the backend?

  • A. phDeviceTest
  • B. netcat
  • C. phSyslogRecorder
  • D. tcpdump

Answer: D

 

NEW QUESTION 12
What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

  • A. The event database must be on NFS
  • B. The CMDB database must be on NFS
  • C. The event database must be on a local disk
  • D. The \archive mount must be on a local disk

Answer: A

 

NEW QUESTION 13
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. TCP 514
  • B. UDP 514
  • C. TCP 1470
  • D. UDP 9999
  • E. UDP 162

Answer: A,B,C

 

NEW QUESTION 14
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. Unique attributes cannot be grouped.
  • B. The Event Receive Time attribute is not available for logs.
  • C. The attribute COUNT(Matched event) is an invalid expression.
  • D. No RAW Event Log attribute is available for devices.

Answer: A

 

NEW QUESTION 15
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Eight results will be displayed
  • B. Two results will be displayed
  • C. Four results will be displayed
  • D. Unique attributes cannot be grouped

Answer: D

 

NEW QUESTION 16
Refer to the exhibit.

An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. Matched Events(COUNT)
  • B. COUNT(Matched Events)
  • C. (COUNT) Matched Events
  • D. Matched Events COUNT()

Answer: B

 

NEW QUESTION 17
Which FortiSIEM components can do performance availability and performance monitoring?

  • A. Supervisor, worker, and collector
  • B. Collectors only
  • C. Supervisor only
  • D. Supervisor and workers only

Answer: A

 

NEW QUESTION 18
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

  • A. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
  • B. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
  • C. The administrator selected - in the Operator column. That is the wrong operator.
  • D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.

Answer: C

 

NEW QUESTION 19
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. PH_DEV_MON_SMTP_STOP
  • B. Postfix-Mail-Stop
  • C. Generic_SMTP_Process_Exit
  • D. PH_DEV_MON_PROC_STOP

Answer: D

 

NEW QUESTION 20
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

  • A. 64GB RAM
  • B. 16GB RAM
  • C. 24GB RAM
  • D. 32GB RAM

Answer: D

 

NEW QUESTION 21
Refer to the exhibit.

Three events are collected over a 10-minute time period from two servers, Server A and Server B.
Based on the settings being used for the rule subpattern, how many incidents will the servers generate?

  • A. Server A will generate one incident and Server B will not generate any incidents
  • B. Server B will generate one incident and Server A will not generate any incidents
  • C. Server A will not generate any incidents and Server B will not generate any incidents
  • D. Server A will generate one incident and Server B will generate one incident

Answer: C

 

NEW QUESTION 22
Which process converts Raw log data to structured data?

  • A. Data enrichment
  • B. Data parsing
  • C. Data validation
  • D. Data classification

Answer: C

 

NEW QUESTION 23
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?

  • A. CMDB
  • B. SVN DB
  • C. Profile DB
  • D. Event DB

Answer: D

 

NEW QUESTION 24
Which item is required to register a FortiSIEM appliance license?

  • A. Static Hardware ID
  • B. Static IP address
  • C. Static storage
  • D. Static MAC address

Answer: A

 

NEW QUESTION 25
Device discovery information is stored in which database?

  • A. Event DB
  • B. SVN DB
  • C. Profile DB
  • D. CMDB

Answer: D

 

NEW QUESTION 26
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

  • A. CMDB Report Conditions
  • B. UI Access
  • C. Data Conditions

Answer: C

 

NEW QUESTION 27
A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?

  • A. Supervisor
  • B. Worker
  • C. Collector
  • D. Agent

Answer: B

 

NEW QUESTION 28
What is the best discovery scan option for a network environment where ping is disabled on all network devices?

  • A. CMDB scan
  • B. L2 scan
  • C. Range scan
  • D. Smart scan

Answer: D

 

NEW QUESTION 29
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. Unique attributes cannot be grouped.
  • B. The Event Receive Time attribute is not available for logs.
  • C. The attribute COUNT(Matched event) is an invalid expression.
  • D. No RAW Event Log attribute is available for devices.

Answer: A

 

NEW QUESTION 30
Refer to the exhibit.

Three events are collected over a 10-minute time period from two servers, Server A and Server B.
Based on the settings being used for the rule subpattern, how many incidents will the servers generate?

  • A. Server A will generate one incident and Server B will not generate any incidents
  • B. Server B will generate one incident and Server A will not generate any incidents
  • C. Server A will not generate any incidents and Server B will not generate any incidents
  • D. Server A will generate one incident and Server B will generate one incident

Answer: C

 

NEW QUESTION 31
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. PH_DEV_MON_SMTP_STOP
  • B. Postfix-Mail-Stop
  • C. PH_DEV_MON_PROC_STOP
  • D. Generic_SMTP_Process_Exit

Answer: A

 

NEW QUESTION 32
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Using the pull events method
  • B. Through syslog discovery
  • C. Through auto log discovery
  • D. Through GUI log discovery

Answer: D

 

NEW QUESTION 33
Which discovery scan type is prone to miss a device, if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?

  • A. CMDB scan
  • B. L2 scan
  • C. Range scan
  • D. Smart scan

Answer: D

 

NEW QUESTION 34
In the advanced analytical rules engine in FortiSIEM, multiple subpatterns can be referenced using which three operations? (Choose three.)

  • A. AND
  • B. NOT
  • C. FOLLOWED_BY
  • D. OR
  • E. ELSE

Answer: A,B,E

 

NEW QUESTION 35
......

NSE5_FSM-5.2 exam questions from Actual4Dumps dumps: https://pdfpractice.actual4dumps.com/NSE5_FSM-5.2-study-material.html (43 Q&As)