Fortinet NSE5_FSM-5.2 - NSE 5 - FortiSIEM 5.2 Exam

Question #1 (Topic: Exam A)
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?
A. The Event Receive Time attribute is not available for logs.
B. The attribute COUNT (Matched event) is an invalid expression.
C. Unique attributes cannot be grouped.
D. No RAW Event Log attribute is available for devices.
Answer: C
Question #2 (Topic: Exam A)
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
A. Time Window
B. Aggregation
C. Group By
D. Filters
Answer: C
Question #3 (Topic: Exam A)
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?
A. Through GUI log discovery
B. Through syslog discovery
C. Using the pull events method
D. Through auto log discovery
Answer: A
Question #4 (Topic: Exam A)
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how many results will be displayed?
A. Seven results will be displayed.
B. Three results will be displayed.
C. Unique attribute cannot be grouped.
D. Five results will be displayed.
Answer: D
Question #5 (Topic: Exam A)
Which two FortiSIEM components work together to provide real-time event correlation?
A. Collector and Windows agent
B. Supervisor and worker
C. Worker and collector
D. Supervisor and collector
Answer: D
Total 38 questions