● Fortinet NSE 5 - FortiSIEM 6.3 Actual Exam Materials

The Actual questions for NSE 5 - FortiSIEM 6.3 (NSE5_FSM-6.3) - Updated Weekly
Exam Questions: 63

Question #1

FortiSIEM is deployed in disaster recovery mode. When disaster strikes, which two tasks must you perform manually to achieve a successful disaster recovery operation? (Choose two answers)

  • A. Promote the secondary workers to the primary roles using the phsecworker2priworker command.
  • B. Change the DNS configuration to ensure that users, devices, and collectors log in to secondary FortiSIEM.
  • C. Promote the secondary supervisor to the primary role using the phsecondary2primary command.
  • D. Change the configuration for shared storage NFS configured for EventDB to the secondary FortiSIEM.

Question #2

What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database? (Choose one answer)

  • A. The CMDB database must be on NFS
  • B. The event database must be on a local disk
  • C. The archive mount must be on a local disk
  • D. The event database must be on NFS

Question #3

In the advanced analytical rules engine in FortiSIEM, multiple subpatterns can be referenced using which three operators? (Choose three answers)

  • A. AND
  • B. FOLLOWED_BY
  • C. ELSE
  • D. NOT
  • E. OR

Question #4

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table? (Choose one answer)

  • A. The incident status changes to Repeated, and the First Seen and Last Seen times are updated.
  • B. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
  • C. The Incident Count value increases, and the First Seen and Last Seen times update.
  • D. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated.

Question #5

Device discovery information is stored in which database? (Choose one answer)

  • A. SVN DB
  • B. Profile DB
  • C. Event DB
  • D. CMDB

Question #6

In FortiSIEM enterprise licensing mode, if the link between the collector and data center FortiSIEM cluster is down, what happens? (Choose one answer)

  • A. The collector buffers events.
  • B. The collector processes stop, and events are dropped.
  • C. The collector drops incoming events like syslog, but stops performance collection.
  • D. The collector continues performance collection of devices, but stops receiving syslog.

Question #7

Which FortiSIEM components can do performance availability and performance monitoring? (Choose one answer)

  • A. Supervisor only
  • B. Supervisor and worker only
  • C. Supervisor, worker, and collector
  • D. Collector only

Question #8

Which three ports can be used to send Syslog to FortiSIEM? (Choose three answers)

  • A. UDP 162
  • B. UDP 514
  • C. TCP 1470
  • D. TCP 514
  • E. UDP 9999

Question #9

Which database stores anomaly baseline data calculated for many parameters, such as traffic and device resource usage profiles, running averages, and standard deviation values? (Choose one answer)

  • A. SVN DB
  • B. Profile DB
  • C. Event DB
  • D. CMDB

Question #10

Which protocol do collectors use to communicate with a FortiSIEM cluster? (Choose one answer)

  • A. Syslog
  • B. SNMP
  • C. HTTPS
  • D. SMTP