Fortinet NSE5_FSM-6.3 Exam Practice Test Instant Access

Question 1

What can you do with rules on FortiSIEM?

AOnly view, edit, and activate a single rule at one time

BChange the severity of multiple rules, and activate or de-activate multiple rules

COnly activate or de-activate multiple rules

DOnly change the severity of multiple rules

Answer : B

Question 2

Which statement best describes auto-log discovery?

AWhen SNMP Is used for a range scan discovery

BWhen a syslog-relay is used to deliver logs to the FortiSIEM report server

CWhen syslog is sent from a network device to FortiSIEM without performing a discovery

DWhen FortiSIEM pulls syslog from a network device to determine event types

Answer : C

Question 3

In the CMDB page for a network device, the Configuration tab is unexpectedly empty. Which is a possible reason?

AThe SNMP credential was a read-only credential.

BA Telnet/SSH credential was not configured for discovery.

CConfiguration push is not enabled on the network device.

DSyslog was only being sent to a worker.

Answer : B

Question 4

What are two tasks that you must do to make a secondary FortiSIEM device ready for disaster recovery? (Choose two.)

AConfigure the replication of CMDB database.

BConfigure the replication of license and license entitlements.

CConfigure the replication of FortiSIEM certificates.

DConfigure the replication of profile data.

Answer : A, D

Question 5

If FortiSIEM supervisor is deployed with the worker using the proprietary flat file database, which action is required?

AAn event database must be placed on NFS

BCollectors must be deployed

CA FortiSIEM service provider license must be obtained

DA separate network interface must be used for the storage network

Answer : A

Question 6

An administrator is using SNMP credential only for discovery of a Windows device. How will FortiSIEM handle this?

AFortiSIEM will apply a job to collect application event logs.

BFortiSIEM will apply system monitor jobs to collect resources data.

CFortiSIEM will apply a Job to collect security event logs

DFortiSIEM will apply a job to collect system event logs.

Answer : B

Question 7

Refer to the exhibit.

Which value will FortiSIEM use to populate the Connection Id field?

A33909

B134

CThe connection ID is not in the raw message.

D408228

Answer : D

Fortinet NSE5_FSM-6.3 Fortinet NSE 5 - FortiSIEM 6.3 Exam Practice Test