Fortinet nse5-fsm-5-2 practice test

Fortinet NSE 5 - FortiSIEM 5.2 Exam

Last exam update: Jul 20, 2024
Page 1 out of 3. Viewing questions 1-15 out of 42

Question 1

A FortiSIEM administrator wants to restrict a network administrator to running searches for only
firewall devices. Under role management, which option does the FortiSIEM administrator need to
configure to achieve this scenario?
A. CMDB Report Conditions
B. Data Conditions
C. UI Access

Answer: B

Discussions
hibabekkali
5 days, 20 hours ago

Data Conditions


Question 2

A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per
Second) being reported across the enterprise. What components should an administrator consider
deploying to assist the supervisor with processing data?
A. Supervisor
B. Worker
C. Collector
D. Agent

Answer: B


Question 3

What protocol can be used to collect Windows event logs in an agentless method?
A. SSH
B. SNMP
C. WMI
D. SMTP

Answer: C


Question 4

What operating system is FortiSIEM based on?
A. CentOS
B. Microsoft Windows
C. Red Hat
D. Ubuntu

Answer: A


Question 5

To determine SNMP discovery issues, which is the best command from the backend?
A. snmpwalk
B. phSNMPTest
C. snmptest
D. ssh

Answer: A


Question 6

Which item is required to register a FortiSIEM appliance license?
A. Static storage
B. Static MAC address
C. Static IP address
D. Static Hardware ID

Answer: D


Question 7

What is the best discovery scan option for a network environment where ping is disabled on all
network devices?
A. Smart scan
B. Range scan
C. CMDB scan
D. L2 scan

Answer: A


Question 8

Which protocol is almost always required for the FortiSIEM GUI discovery process?
A. SNMP
B. WMI
C. Syslog
D. Telnet

Answer: A


Question 9

To determine whether or not syslog is being received from a network device, which is the best
command from the backend?
A. tcpdump
B. phDeviceTest
C. netcat
D. phSyslogRecorder

Answer: A


Question 10

What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when
the proprietary flat file database is used?
A. 16GB RAM
B. 32GB RAM
C. 64GB RAM
D. 24GB RAM

Answer: D


Question 11

Which two export methods are available for FortiSIEM analytics results? (Choose two.)
A. CSV
B. PNG
C. HTML
D. PDF

Answer: AD


Question 12

What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary
flat file database?
A. The CMDB database must be on NFS
B. The event database must be on NFS
C. The event database must be on a local disk
D. The \archive mount must be on a local disk

Answer: B


Question 13

An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters to view events received from agents
only?

  • A. External Event Receive Protocol
  • B. Event Received Proto Agents
  • C. External Event Receive Raw Logs
  • D. External Event Receive Agents

Answer: A


Question 14

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

  • A. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
  • B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
  • C. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated.
  • D. The Incident Count value increases, and the First Seen and Last Seen times update.

Answer: A


Question 15

What is a prerequisite for FortiSIEM Linux agent installation?

  • A. The web server must be installed on the Linux server being monitored
  • B. The auditd service must be installed on the Linux server being monitored
  • C. The Linux agent manager server must be installed.
  • D. Both the web server and the audit service must be installed on the Linux server being monitored

Answer: D
