Fortinet NSE5_FSM-6.3 - Fortinet NSE 5 - FortiSIEM 6.3 Exam
Total 31 questions
Question #6 (Topic: Exam A)
Refer to the exhibits.

Three events are collected over a 10-minute time period from two servers: Server A and Server B.
Based on the settings for the rule subpattern, how many incidents will the servers generate?

A. Server A will generate one incident and Server B will generate one incident.
B. Server A will generate one incident and Server B will not generate any incidents.
C. Server B will generate one incident and Server A will not generate any incidents.
D. Server A will not generate any incidents and Server B will not generate any incidents.
Answer: B
Question #7 (Topic: Exam A)
An administrator is using SNMP and WMI credentials to discover a Windows device.
How will the WMI method handle this?
A. WMI method will collect only traffic and IIS logs.
B. WMI method will collect only DNS logs.
C. WMI method will collect only DHCP logs.
D. WMI method will collect security, application, and system events logs.
Answer: D
Question #8 (Topic: Exam A)
An administrator is in the process of renewing a FortiSIEM license.
Which two commands will provide the system ID? (Choose two.)
A. phgetHWID
B. ./phLicenseTool -support
C. phgetUUID
D. ./phLicenseTool -show
Answer: AC
Question #9 (Topic: Exam A)
If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?
A. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
B. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated.
C. The Incident Count value increases, and the First Seen and Last Seen times update.
D. The incident status changes to Repeated, and the First Seen and Last Seen times are updated.
Answer: C
Question #10 (Topic: Exam A)
Refer to the exhibit.

The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search.
Based on the selected filters shown in the exhibit, why is the search returning no results?

A. Parentheses are missing.
B. The wrong boolean operator is selected in the Next column.
C. The wrong option is selected in the Operator column.
D. An invalid IP subnet is typed in the Value column.
Answer: B