Free Fortinet NSE 5 – FortiSIEM 6.3 Exam NSE5_FSM-6.3 Exam Practice Test

Device discovery information is stored in which database?

• CMDB
• Profile DB
• Event DB
• SVN DB

An administrator is configuring FortiSIEM to discover network devices and receive syslog from network devices. Which statement is correct?

• FortiSIEM uses privileged credentials to tog in to devices and make network configuration changes.
• FortiSIEM automatically configures network devices to send syslog using the auto log discovery process.
• FortiSIEM automatically configures network devices to send syslog using the GUI discovery process
• Syslog configuration must be done manually on devices by the network administrator.

How is a subparttern for a rule defined?

• Filters Aggregation. Group By definition
• Filters Group By definitions. Threshold
• Filters Threshold Time Window definitions
• Filters Aggregation Time Window definitions

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

• A now incident is created each time the rule is triggered. and the First Seen and Last Seen times are updated.
• A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times ate updated.
• The Incident Count value increases, and the First Seen and Last Seen times update.
• The incident status changes to Repeated, and the First Seen and Last Seen times are updated.

In me FortiSIEM CLI. which command must you use to determine whether or not syslog is being received from a network device?

• tcpdump
• OphSyslogRecorder
• Onetcat
• phDeviceTest

What are the four categories of incidents?

• Devices, users, high risk, and low risk
• Performance, devices, high risk, and low risk
• Performance, availability, security, and change
• Security, change, high risk, and low risk

Which command displays the Linux agent status?

• Service fsm-linux-agent status
• Service Ao-linux-agent status
• Service fortisiem-linux-agent status
• Service linux-agent status

Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?

• Profile DB
• Event DB
• CMDB
• SVN DB

Which statement about global thresholds and per device thresholds is true?

• FortiSIEM uses global and per device thresholds tor all performance metrics.
• FortiSIEM uses global thresholds for all performance metrics.
• FortiSIEM uses fixed hardcoded thresholds for all performance metrics.
• FortiSIEM uses global thresholds for all security metrics.

Which FortiSIEM components are capable of performing device discovery?

• FortiSIEM Windows agent
• Worker
• FortiSIEM Linux agent
• Collector