• Home
  • Articles
  • Fortinet NSE5_FSM-5.2 Exam Dumps - PDF Questions and Testing Engine [Q20-Q40]

Fortinet NSE5_FSM-5.2 Exam Dumps - PDF Questions and Testing Engine [Q20-Q40]

Share

Fortinet NSE5_FSM-5.2 Exam Dumps - PDF Questions and Testing Engine

Latest NSE5_FSM-5.2 Exam Dumps for Pass Guaranteed

NEW QUESTION 20
If the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?

  • A. Critical status is assigned because of reduction in number of packets received
  • B. Degraded status is assigned because of packet loss
  • C. Down status is assigned because of packet loss.
  • D. Up status is assigned because of received packets

Answer: B

 

NEW QUESTION 21
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

  • A. Postfix-Mail-Slop
  • B. PH_DEV_MON_SMTP_STOP
  • C. PH_DEV_MON_PROC_STOP
  • D. Generic_SMTP_Process_Exit

Answer: C

 

NEW QUESTION 22
To determine whether or not syslog is being received from a network device, which is the best command from the backend?

  • A. phDeviceTest
  • B. phSyslogRecorder
  • C. netcat
  • D. tcpdump

Answer: D

 

NEW QUESTION 23
Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. COUNT(Matched Events)
  • B. Matched Events(COUNT)
  • C. (COUNT) Matched Events
  • D. Matched Events COUNT()

Answer: A

 

NEW QUESTION 24
Which process converts Raw log data to structured data?

  • A. Data enrichment
  • B. Data validation
  • C. Data parsing
  • D. Data classification

Answer: C

 

NEW QUESTION 25
Device discovery information is stored in which database?

  • A. CMDB
  • B. SVN DB
  • C. Profile DB
  • D. Event DB

Answer: A

 

NEW QUESTION 26
What protocol can be used to collect Windows event logs in an agentless method?

  • A. SSH
  • B. SMTP
  • C. SNMP
  • D. WMI

Answer: D

 

NEW QUESTION 27
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. UDP 514
  • B. TCP 514
  • C. UDP9999
  • D. TCP 1470
  • E. UDP 162

Answer: A,D,E

 

NEW QUESTION 28
Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?

  • A. SVN DB
  • B. Event DB
  • C. Profile DB
  • D. CMDB

Answer: B

 

NEW QUESTION 29
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?

  • A. 16GB RAM
  • B. 24GB RAM
  • C. 32GB RAM
  • D. 64GB RAM

Answer: C

 

NEW QUESTION 30
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Through auto log discovery
  • B. Through syslog discovery
  • C. Using the pull events method
  • D. Through GUI log discovery

Answer: D

 

NEW QUESTION 31
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

  • A. Five results will be displayed.
  • B. Unique attribute cannot be grouped.
  • C. Seven results will be displayed.
  • D. There results will be displayed.

Answer: A

 

NEW QUESTION 32
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp . However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

  • A. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
  • B. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the lime period The time period should be 24 hours.
  • C. The keyword is case sensitive Instead of typing TCP in the Value field. the administrator should type tcp.
  • D. The administrator selected - in the Operator column That a the wrong operator.

Answer: D

 

NEW QUESTION 33
Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. COUNT(Matched Events)
  • B. Matched Events(COUNT)
  • C. (COUNT) Matched Events
  • D. Matched Events COUNT()

Answer: A

 

NEW QUESTION 34
Which two export methods are available for FortiSIEM analytics results? (Choose two.)

  • A. PNG
  • B. HTML
  • C. PDF
  • D. CSV

Answer: C,D

 

NEW QUESTION 35
Refer to the exhibit.

Three events are collected over a 10-minutc time period from two servers Server A and Server B.
Based on the settings being used for the rule subpattern. how many incidents will the servers generate?

  • A. Server B will generate one incident and Server A will not generate any incidents
  • B. Server A will generate one incident and Server B will not generate any incidents
  • C. Server A will not generate any incidents and Server B will not generate any incidents
  • D. Server A will generate one incident and Server B wifl generate one incident

Answer: C

 

NEW QUESTION 36
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

  • A. Filters
  • B. Time Window
  • C. Aggregation
  • D. Group By

Answer: D

 

NEW QUESTION 37
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. TELNET
  • B. LDAP start TLS
  • C. WMI
  • D. LDAPS

Answer: A

 

NEW QUESTION 38
Which FortiSIEM components are capable of performing device discovery?

  • A. Collector
  • B. Worker
  • C. FortiSIEM Linux agent
  • D. FortiSIEM Windows agent

Answer: A

 

NEW QUESTION 39
Which two FortiSIEM components work together to provide real-time event correlation?

  • A. Supervisor and collector
  • B. Supervisor and worker
  • C. Worker and collector
  • D. Collector and Windows agent

Answer: A

 

NEW QUESTION 40
......

Reliable NSE 5 Network Security Analyst NSE5_FSM-5.2 Dumps PDF Dec 14, 2021 Recently Updated Questions: https://www.validvce.com/NSE5_FSM-5.2-exam-collection.html

Related Articles

more
Fortinet NSE5_FSM-5.2 Certification Practice Exam

We are dedicated in providing the most reliable and latest vce dumps for certification exam, our valid dumps and free vce files will guarantee you pass test 100%.

Latest VCE Dumps

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 ValidVCE NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy