[Feb-2022] Verified Fortinet Exam Dumps with NSE5_FSM-5.2 Exam Study Guide
NEW QUESTION 20
Refer to the exhibit.
How was the FortiGate device discovered by FortiSIEM?
- A. Using the pull events method
- B. Through syslog discovery
- C. Through auto log discovery
- D. Through GUI log discovery
Answer: D
NEW QUESTION 21
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?
- A. CMDB
- B. SVN DB
- C. Profile DB
- D. Event DB
Answer: D
NEW QUESTION 22
Refer to the exhibit.
What do the yellow stars listed in the Monitor column indicate?
- A. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
- B. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
- C. A yellow star indicates that a metric was applied during discovery, but data collection has not started.
- D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.
Answer: D
NEW QUESTION 23
Which discovery scan type is prone to miss a device if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?
- A. CMDB scan
- B. L2 scan
- C. Range scan
- D. Smart scan
Answer: D
NEW QUESTION 24
Refer to the exhibit.
If events are grouped by Reporting IP, Event Type, and User attributes in FortiSIEM, how many results will be displayed?
- A. Three results will be displayed.
- B. Unique attribute cannot be grouped.
- C. Seven results will be displayed.
- D. Five results will be displayed.
Answer: D
NEW QUESTION 25
Which two export methods are available for FortiSIEM analytics results? (Choose two.)
- A. PDF
- B. CSV
- C. HTML
- D. PNG
Answer: A,B
NEW QUESTION 26
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
- A. Filters
- B. Group By
- C. Time Window
- D. Aggregation
Answer: D
NEW QUESTION 27
Which protocol is almost always required for the FortiSIEM GUI discovery process?
- A. Telnet
- B. Syslog
- C. SNMP
- D. WMI
Answer: C
NEW QUESTION 28
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?
- A. 64GB RAM
- B. 16GB RAM
- C. 32GB RAM
- D. 24GB RAM
Answer: D
NEW QUESTION 29
What is the best discovery scan option for a network environment where ping is disabled on all network devices?
- A. CMDB scan
- B. L2 scan
- C. Range scan
- D. Smart scan
Answer: D
NEW QUESTION 30
In the advanced analytical rules engine in FortiSIEM, multiple subpatterns can be referenced using which three operations? (Choose three.)
- A. AND
- B. NOT
- C. FOLLOWED_BY
- D. OR
- E. ELSE
Answer: A,B,E
NEW QUESTION 31
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?
- A. 64GB RAM
- B. 16GB RAM
- C. 24GB RAM
- D. 32GB RAM
Answer: D
NEW QUESTION 32
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)
- A. TCP 514
- B. UDP 514
- C. TCP 1470
- D. UDP 9999
- E. UDP 162
Answer: A,B,C
NEW QUESTION 33
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
- A. Group By
- B. Aggregation
- C. Filters
- D. Time Window
Answer: A
NEW QUESTION 35
What are the four possible incident status values?
- A. Active, cleared, cleared manually, system cleared
- B. Active, auto cleared, manual, false positive
- C. Active, closed, cleared, open
- D. Active, closed, manual, resolved
Answer: D
NEW QUESTION 36
Refer to the exhibit.
A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?
- A. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
- B. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
- C. The administrator selected - in the Operator column. That is the wrong operator.
- D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
Answer: C
NEW QUESTION 37
Refer to the exhibit.
An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?
- A. Matched Events(COUNT)
- B. COUNT(Matched Events)
- C. (COUNT) Matched Events
- D. Matched Events COUNT()
Answer: B
NEW QUESTION 38
Refer to the exhibit.
A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
- A. LDAPS
- B. LDAP start TLS
- C. WMI
- D. TELNET
Answer: D
NEW QUESTION 39
......