• Home
  • Articles
  • Ultimate Guide to Prepare NSE5_FSM-5.2 Certification Exam for NSE 5 Network Security Analyst in 2023 [Q24-Q40]

Ultimate Guide to Prepare NSE5_FSM-5.2 Certification Exam for NSE 5 Network Security Analyst in 2023 [Q24-Q40]

Share

Ultimate Guide to Prepare NSE5_FSM-5.2 Certification Exam for NSE 5 Network Security Analyst in 2023

Use Real NSE5_FSM-5.2 Dumps - Fortinet Correct Answers updated on 2023

NEW QUESTION 24
In the advanced analytical rules engine in FortiSIEM, multiple subpatterms can be referenced using which three operation?(Choose three.)

  • A. FOLLOWED_BY
  • B. ELSE
  • C. OR
  • D. NOT
  • E. AND

Answer: B,D,E

 

NEW QUESTION 25
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how ,many results will be displayed?

  • A. There results will be displayed.
  • B. Five results will be displayed.
  • C. Seven results will be displayed.
  • D. Unique attribute cannot be grouped.

Answer: B

 

NEW QUESTION 26
Device discovery information is stored in which database?

  • A. CMDB
  • B. Profile DB
  • C. Event DB
  • D. SVN DB

Answer: A

 

NEW QUESTION 27
What protocol can be used to collect Windows event logs in an agentless method?

  • A. SSH
  • B. SNMP
  • C. SMTP
  • D. WMI

Answer: D

 

NEW QUESTION 28
Refer to the exhibit.

Three events are collected over a 10-minutc time period from two servers Server A and Server B.
Based on the settings being used for the rule subpattern. how many incidents will the servers generate?

  • A. Server A will generate one incident and Server B will not generate any incidents
  • B. Server A will generate one incident and Server B wifl generate one incident
  • C. Server A will not generate any incidents and Server B will not generate any incidents
  • D. Server B will generate one incident and Server A will not generate any incidents

Answer: C

 

NEW QUESTION 29
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Through syslog discovery
  • B. Through auto log discovery
  • C. Using the pull events method
  • D. Through GUI log discovery

Answer: D

 

NEW QUESTION 30
Refer to the exhibit.

The FortiSIEM administrator is examining events for two devices to investigate an issue However, the administrator is not getting any results from their search.
Based on the selected fillers shown in the exhibit, why is the search returning no results?

  • A. An invalid IP subnet is typed in the Value column
  • B. The wrong option is selected in the Operator column
  • C. Parenthesis are missing
  • D. The wrong boolean operator is selected in the Next column

Answer: D

 

NEW QUESTION 31
Which two FortiSIEM components work together to provide real-time event correlation?

  • A. Supervisor and worker
  • B. Collector and Windows agent
  • C. Worker and collector
  • D. Supervisor and collector

Answer: D

 

NEW QUESTION 32
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSEIM was unable to collect data.
  • B. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully
  • C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
  • D. A yellow star indicates that a metric was applied during discovery, but data collection has not started

Answer: D

 

NEW QUESTION 33
Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. Matched Events COUNT()
  • B. COUNT(Matched Events)
  • C. (COUNT) Matched Events
  • D. Matched Events(COUNT)

Answer: B

 

NEW QUESTION 34
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp . However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

  • A. The keyword is case sensitive Instead of typing TCP in the Value field. the administrator should type tcp.
  • B. The administrator selected - in the Operator column That a the wrong operator.
  • C. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
  • D. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the lime period The time period should be 24 hours.

Answer: B

 

NEW QUESTION 35
What is the best discovery scan option for a network environment where ping is disabled on all network devices?

  • A. L2 scan
  • B. CMDB scan
  • C. Range scan
  • D. Smart scan

Answer: D

 

NEW QUESTION 36
Which discovery scan type is prone to miss a device, if the device is quiet and the entry foe that device is not present in the ARP table of adjacent devices?

  • A. L2 scan
  • B. CMDB scan
  • C. Range scan
  • D. Smart scan

Answer: D

 

NEW QUESTION 37
Which FortiSIEM components are capable of performing device discovery?

  • A. FortiSIEM Windows agent
  • B. FortiSIEM Linux agent
  • C. Worker
  • D. Collector

Answer: D

 

NEW QUESTION 38
Which item is required to register a FortiSIEM appliance license?

  • A. Static MAC address
  • B. Static IP address
  • C. Static Hardware ID
  • D. Static storage

Answer: C

 

NEW QUESTION 39
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. UDP 162
  • B. UDP 514
  • C. TCP 1470
  • D. TCP 514
  • E. UDP9999

Answer: B,C,D

 

NEW QUESTION 40
......

NSE 5 Network Security Analyst -NSE5_FSM-5.2 Exam-Practice-Dumps: https://examsdocs.lead2passed.com/Fortinet/NSE5_FSM-5.2-practice-exam-dumps.html

Related Articles

more
Fortinet NSE5_FSM-5.2 Certification Practice Exam