NSE5-FSM-6-3 Practice Exam — 31 Free Fortinet Questions

Join Us Among the Stars

Sign Up & unlock 100% of Exam Questions

Log in / Sign up

No Strings Attached!

31Practice Questions

3Study Modes

Free

TopicSort

Question 1

Security profiles

How is a subpattern for a rule defined?

A Filters, Aggregation, Group By definitions
B Filters, Group By definitions, Threshold
C Filters, Threshold, Time Window definitions
D Filters, Aggregation, Time Window definitions

Question 2

Central management

Question 3

System configuration

Question 4

Central management

Question 5

Central management

Question 6

System configuration

Question 7

System configuration

Question 8

System configuration

Question 9

Central management

Question 10

System configuration

Question 11

Central management

Question 12

Central management

Question 13

Security profiles

That's the end of the Preview

This exam has 31 community-verified practice questions. Create a free account to access all questions, comments, and explanations.

Topics covered:

System configurationCentral managementSecurity profilesRoutingVPN

Log In / Sign Up

Page 1 of 2 • Questions 1-25 of 31

1 2

→

Know a question that should be here? Contribute to this exam

Refer to the exhibit.

Question Image

If events are grouped by Event Type and User attributes in FortiSIEM, how many results will be displayed?

A Four results will be displayed.
B Eight results will be displayed.
C Two results will be displayed.
D No results will be displayed.

Consider the storage of anomaly baseline data that is calculated for different parameters.
Which database is used for storing this data?

A Event DB
B Profile DB
C SVN DB
D CMDB

Which two FortiSIEM components work together to provide real-time event correlation?

A Supervisor and worker
B Collector and Windows agent
C Worker and collector
D Supervisor and collector

Refer to the exhibit.

Question Image

How was the FortiGate device discovered by FortiSIEM?

A GUI log discovery
B Syslog discovery
C Pull events discovery
D Auto log discovery

Question 6

System configuration

Question 7

System configuration

Question 8

System configuration

Question 9

Central management

Question 10

System configuration

Question 11

Central management

Question 12

Central management

Question 13

Security profiles

Which is a requirement for implementing FortiSIEM disaster recovery?

A All worker nodes must access both supervisor nodes using IP.
B SNMP, and WMI ports must be open between the two supervisor nodes.
C The two supervisor nodes must have layer 2 connectivity.
D DNS names must be used for the worker upload addresses.

An administrator is in the process of renewing a FortiSIEM license.
Which two commands will provide the system ID? (Choose two.)

A phgetHWID
B ./phLicenseTool -support
C phgetUUID
D ./phLicenseTool -show

An administrator is configuring FortiSIEM to discover network devices and receive syslog from network devices.
Which statement is correct?

A FortiSIEM uses privileged credentials to log in to devices and make network configuration changes.
B FortiSIEM automatically configures network devices to send syslog using the auto log discovery process.
C FortiSIEM automatically configures network devices to send syslog using the GUI discovery process.
D Syslog configuration must be done manually on devices by the network administrator.

An administrator is using SNMP and WMI credentials to discover a Windows device.
How will the WMI method handle this?

A WMI method will collect only traffic and IIS logs.
B WMI method will collect only DNS logs.
C WMI method will collect only DHCP logs.
D WMI method will collect security, application, and system events logs.

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

A A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
B A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated.
C The Incident Count value increases, and the First Seen and Last Seen times update.
D The incident status changes to Repeated, and the First Seen and Last Seen times are updated.

Refer to the exhibit.

Question Image

The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search,
Based on the selected filters shown in the exhibit, why is the search returning no results?

A Parenthesis are missing.
B The wrong boolean operator is selected in the Next column.
C The wrong option is selected in the Operator column.
D An invalid IP subnet is typed in the Value column.

Which process converts raw log data to structured data?

A Data classification
B Data validation
C Data parsing
D Data enrichment

Refer to the exhibit.

Question Image

Which section contains the settings that determine how many incidents are created?

A Actions
B Group By
C Aggregate
D Filters

Join Us Among the Stars

NSE5-FSM-6-3Preview

About the NSE5-FSM-6-3 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

That's the end of the Preview

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Join Us Among the Stars

NSE5-FSM-6-3Preview

About the NSE5-FSM-6-3 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

That's the end of the Preview

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13