Free Fortinet NSE 5 – FortiSIEM 5.2 Exam NSE5_FSM-5.2 Exam Practice Test

Which command displays the Linux agent status?

• Service fsm-linux-agent status
  
• Service Ao-linux-agent status
  
• Service fortisiem-linux-agent status
  
• Service linux-agent status
  

To determine SNMP discovery issues, which is the best command from the backend?

• snmpwalk
  
• phSNMPTest
  
• snmptest
  
• ssh
  

If the reported packet loss is between 50% and 98%. which status is assigned to the device in the Availability column of summary dashboard?

• Down status is assigned because of packet loss.
  
• Up status is assigned because of received packets
  
• Critical status is assigned because of reduction in number of packets received
  
• Degraded status is assigned because of packet loss
  

If a performance rule is triggered repeatedly due to high CPU use. what occurs m the incident table?

• A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
  
• The incident status changes to Repeated and the First Seen and Last Seen times are updated.
  
• A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated
  
• The Incident Count value increases, and the First Seen and Last Seen tomes update
  

What are the four categories of incidents?

• Devices, users, high risk, and low risk
  
• Performance, availability, security, and change
  
• Performance, devices, high risk, and low risk
  
• Security, change, high risk, and low risk
  

Device discovery information is stored in which database?

• CMDB
  
• Profile DB
  
• Event DB
  
• SVN DB
  

An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

• PH_DEV_MON_PROC_STOP
  
• Postfix-Mail-Slop
  
• Generic_SMTP_Process_Exit
  
• PH_DEV_MON_SMTP_STOP
  

A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?

• Supervisor
  
• Worker
  
• Collector
  
• Agent
  

If an incident's status is Cleared, what does this mean?

• Two hours have passed since the incident occurred and the incident has not reoccurred.
  
• A clear condition set on a rule was satisfied.
  
• A security rule issue has been resolved.
  
• The incident was cleared by an operator.
  

What is the best discovery scan option for a network environment where ping is disabled on all network devices?

• Smartscan
  
• Rangescan
  
• CMDBscan
  
• L2 scan