Free Fortinet NSE 5 – FortiSIEM 6.3 Exam NSE5_FSM-6.3 Exam Practice Test

An administrator defines SMTP as a critical process on a Linux server.It the SMTP process is stopped. FortiSIEM will generate a critical event with which event type?

• Postfix-Mail-Stop
• PH_DEV_MON_PROC_STOP
• PH_DEV_MON_SMTP_STOP
• Generic_SMTP_Procoss_Exit

What are the four possible incident status values?

• Active, dosed, cleared, open
• Active, cleared, cleared manually, system cleared
• Active, closed, manual, resolved
• Active, auto cleared, manual, false positive

In me FortiSIEM CLI. which command must you use to determine whether or not syslog is being received from a network device?

• tcpdump
• OphSyslogRecorder
• Onetcat
• phDeviceTest

What does the Frequency field determine on a rule?

• How often the rule will evaluate the subpattern.
• How often the rule will trigger for the same condition.
• How often the rule will trigger.
• How often the rule will take a clear action.

Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

• UDP9999
• UDP 162
• TCP 514
• UDP 514
• TCP 1470

Which process converts raw log data to structured data?

• Data classification
• Data validation
• Data parsing
• Data enrichment

Consider the storage of anomaly baseline date that is calculated for different parameters. Which database is used for storing this data?

• Event DB
• Profile DB
• SVNDB
• CMDB

Which two FortiSIEM components work together to provide real-time event correlation?

• Supervisor and worker
• Collector and Windows agent
• Worker and collector
• Supervisor and collector

An administrator is configuring FortiSIEM to discover network devices and receive syslog from network devices. Which statement is correct?

• FortiSIEM uses privileged credentials to tog in to devices and make network configuration changes.
• FortiSIEM automatically configures network devices to send syslog using the auto log discovery process.
• FortiSIEM automatically configures network devices to send syslog using the GUI discovery process
• Syslog configuration must be done manually on devices by the network administrator.

FortiSIEM is deployed in disaster recovery mode.When disaster strikes, which two tasks must you perform manually to achieve a successful disaster recovery operation? (Choose two.)

• Promote the secondary workers to the primary rotes using the phSecworker2priworker command.
• Promote the secondary supervisor to the primary role using the phSecondary2primary command.
• Change the DNS configuration to ensure that users, devices, and collectors log in to the secondary FortiSIEM.
• Change the configuration for shared storage NFS configured for EventDB to the secondary FortiSIEM.