NSE5_FSM-6.3 Exam Questions

Which process converts raw log data to structured data?

Refer to the exhibits. Three events are collected over a 10-minute time period from two servers: Server A and Server B. Based on the settings being used for the rule subpattern, ho...

In me FortiSIEM CLI. which command must you use to determine whether or not syslog is being received from a network device?

What does the Frequency field determine on a rule?

Consider the storage of anomaly baseline date that is calculated for different parameters. Which database is used for storing this data?

Which is a requirement for implementing FortiSIEM disaster recovery?

How is a subpattern for a rule defined?

Which FortiSIEM components are capable of performing device discovery?

Refer to the exhibit. An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message s...

Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

In the advanced analytical rules engine in FortiSIEM, multiple subpatterms can be referenced using which three operation?(Choose three.)

Device discovery information is stored in which database?

Which FortiSIEM components can do performance availability and performance monitoring?

Which command displays the Linux agent status?

Which discovery scan type is prone to miss a device, if the device is quiet and the entry foe that device is not present in the ARP table of adjacent devices?

What are the four possible incident status values?

Refer to the exhibit. What do the yellow stars listed in the Monitor column indicate?

Refer to the exhibit. A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which p...

Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation val...

What is a prerequisite for FortiSIEM Linux agent installation?

An administrator wants to search for events received from Linux and Windows agents. Which attribute should the administrator use in search filters, to view events received from age...

When configuring collectors located in geographically separated sites, what ports must be open on a front end firewall?

An administrator is in the process of renewing a FortiSIEM license. Which two commands will provide the system ID? (Choose two.)

Refer to the exhibit. Which section contains the sortings that determine how many incidents are created?

Refer to the exhibit. What does the pause icon indicate?

Refer to the exhibit. A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully. As shown in the exhibit, why are some of the fie...

Refer to the exhibit. Which value will FortiSIEM use to populate the Event Type field?

An administrator defines SMTP as a critical process on a Linux server. It the SMTP process is stopped. FortiSIEM will generate a critical event with which event type?

Refer to the exhibit. An administrator is investigating a FortiSIEM license issue. The procedure is for which offline licensing condition?

Which FortiSIEM feature must you use to produce a report on which FortiGate devices in your environment are running which firmware version?

Which statement about global thresholds and per device thresholds is true?

Where do you configure rule notifications and automated remediation on FortiSIEM?

What are the four categories of incidents?

Refer to the exhibit. The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their sear...

An administrator is using SNMP and WMI credentials to discover a Windows device. How will the WMI method handle this?

Refer to the exhibit. How was the FortiGate device discovered by FortiSIEM?

A customer is experiencing slow performance while executing long, adhoc analytic searches Which FortiSIEM component can make the searches run faster?

In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

Refer to the exhibit. If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

If an incident's status is Cleared, what does this mean?

Refer to the exhibit. A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSlfcM administrator is trying to search the raw event logs for the las...

In FortiSIEM enterprise licensing mode, it the link between the collector and data center FortiSlEM cluster is down, what happens?

Which two FortiSIEM components work together to provide real-time event correlation?

FortiSIEM is deployed in disaster recovery mode. When disaster strikes, which two tasks must you perform manually to achieve a successful disaster recovery operation? (Choose two.)

IF the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?

An administrator is configuring FortiSIEM to discover network devices and receive syslog from network devices. Which statement is correct?

Refer to the exhibit. It events are grouped by Event Type and User attributes in FortiSIEM. how many results will be displayed?

Refer to the exhibit. If events are grouped by User. Source IP. and Application Category attributes in FortiSiEM. how many results will be displayed?

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

Which protocol do collectors use to communicate with a FortiSIEM cluster?