Practice NSE5_FSM-5.2 Questions With Certification guide Q&A from Training Expert [Q21-Q39]

Free Fortinet NSE5_FSM-5.2 Practice Test Questions

NEW QUESTION 21
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters to view events received from agents only?

  • A. External Event Receive Agents
  • B. External Event Receive Protocol
  • C. External Event Receive Raw Logs
  • D. Event Received Proto Agents

Answer: C

 

NEW QUESTION 22
What are the four categories of incidents?

  • A. Security, change, high risk, and low risk
  • B. Performance, devices, high risk, and low risk
  • C. Devices, users, high risk, and low risk
  • D. Performance, availability, security, and change

Answer: D

 

NEW QUESTION 23
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. WMI
  • B. TELNET
  • C. LDAP start TLS
  • D. LDAPS

Answer: B

 

NEW QUESTION 24
Refer to the exhibit.

Three events are collected over a 10-minute time period from two servers, Server A and Server B.
Based on the settings being used for the rule subpattern, how many incidents will the servers generate?

  • A. Server A will generate one incident and Server B will generate one incident
  • B. Server A will not generate any incidents and Server B will not generate any incidents
  • C. Server A will generate one incident and Server B will not generate any incidents
  • D. Server B will generate one incident and Server A will not generate any incidents

Answer: B

 

NEW QUESTION 25
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

  • A. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
  • B. The administrator selected - in the Operator column. That is the wrong operator.
  • C. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
  • D. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.

Answer: B

 

NEW QUESTION 26
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Five results will be displayed.
  • B. Seven results will be displayed.
  • C. Three results will be displayed.
  • D. Unique attribute cannot be grouped.

Answer: A

 

NEW QUESTION 27
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

  • A. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
  • B. The administrator selected - in the Operator column. That is the wrong operator.
  • C. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
  • D. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.

Answer: B

 

NEW QUESTION 28
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Two results will be displayed
  • B. Four results will be displayed
  • C. Unique attributes cannot be grouped
  • D. Eight results will be displayed

Answer: C

 

NEW QUESTION 29
Which database is used for storing anomaly data that is calculated for different parameters, such as traffic and device resource usage running averages and standard deviation values?

  • A. Event DB
  • B. SVN DB
  • C. Profile DB
  • D. CMDB

Answer: C

 

NEW QUESTION 30
Which command displays the Linux agent status?

  • A. Service fsm-linux-agent status
  • B. Service linux-agent status
  • C. Service Ao-linux-agent status
  • D. Service fortisiem-linux-agent status

Answer: D

 

NEW QUESTION 31
Which FortiSIEM components are capable of performing device discovery?

  • A. FortiSIEM Linux agent
  • B. Collector
  • C. FortiSIEM Windows agent
  • D. Worker

Answer: B

 

NEW QUESTION 32
In the advanced analytical rules engine in FortiSIEM, multiple subpatterns can be referenced using which three operations? (Choose three.)

  • A. AND
  • B. ELSE
  • C. OR
  • D. FOLLOWED_BY
  • E. NOT

Answer: A,B,E

 

NEW QUESTION 33
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. PH_DEV_MON_PROC_STOP
  • B. Generic_SMTP_Process_Exit
  • C. Postfix-Mail-Stop
  • D. PH_DEV_MON_SMTP_STOP

Answer: D

 

NEW QUESTION 34
Which process converts raw log data to structured data?

  • A. Data enrichment
  • B. Data classification
  • C. Data validation
  • D. Data parsing

Answer: C

 

NEW QUESTION 35
If an incident's status is Cleared, what does this mean?

  • A. Two hours have passed since the incident occurred and the incident has not reoccurred.
  • B. A security rule issue has been resolved.
  • C. A clear condition set on a rule was satisfied.
  • D. The incident was cleared by an operator.

Answer: A

 

NEW QUESTION 36
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

  • A. Group By
  • B. Time Window
  • C. Filters
  • D. Aggregation

Answer: A

 

NEW QUESTION 37
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. Generic_SMTP_Process_Exit
  • B. PH_DEV_MON_PROC_STOP
  • C. PH_DEV_MON_SMTP_STOP
  • D. Postfix-Mail-Stop

Answer: B

 

NEW QUESTION 38
What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database?

  • A. The /archive mount must be on a local disk
  • B. The event database must be on NFS
  • C. The event database must be on a local disk
  • D. The CMDB database must be on NFS

Answer: B

 

NEW QUESTION 39
......
