● NSE 5 - FortiSIEM 6.3 Exam Materials

Please note that the exam "NSE 5 - FortiSIEM 6.3 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
It has been replaced by the exam "NSE 6 - FortiSIEM 7.2 Analyst Exam".

The new exam version is available on Brave-Dumps and can be purchased.




Question #1

FortiSIEM is deployed in disaster recovery mode.

When disaster strikes, which two tasks must you perform manually to achieve a successful disaster recovery operation? (Choose two answers)

  • A. Promote the secondary workers to the primary roles using the phsecworker2priworker command.
  • B. Change the DNS configuration to ensure that users, devices, and collectors log in to the secondary FortiSIEM.
  • C. Promote the secondary supervisor to the primary role using the phsecondary2primary command.
  • D. Change the configuration for shared storage NFS configured for EventDB to the secondary FortiSIEM.

Question #2

What is a prerequisite for a FortiSIEM supervisor with a worker deployment, using the proprietary flat file database? (Choose one answer)

  • A. The CMDB database must be on NFS
  • B. The event database must be on a local disk
  • C. The archive mount must be on a local disk
  • D. The event database must be on NFS

Question #3

In the advanced analytical rules engine in FortiSIEM, multiple subpatterns can be referenced using which three operators? (Choose three answers)

  • A. AND
  • B. FOLLOWED_BY
  • C. ELSE
  • D. NOT
  • E. OR

Question #4

If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table? (Choose one answer)

  • A. The incident status changes to Repeated, and the First Seen and Last Seen times are updated.
  • B. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
  • C. The Incident Count value increases, and the First Seen and Last Seen times update.
  • D. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated.

Question #5

Device discovery information is stored in which database? (Choose one answer)

  • A. SVN DB
  • B. Profile DB
  • C. Event DB
  • D. CMDB

Question #6

An administrator is using SNMP and WMI credentials to discover a Windows device.
How will the WMI method handle this? (Choose one answer)

  • A. WMI method will collect security, application, and system event logs.
  • B. WMI method will collect only DHCP logs.
  • C. WMI method will collect only traffic and IIS logs.
  • D. WMI method will collect only DNS logs.

Question #7

Which FortiSIEM components can do availability and performance monitoring? (Choose one answer)

  • A. Supervisor only
  • B. Supervisor and worker only
  • C. Supervisor, worker, and collector
  • D. Collector only

Question #8

Which three ports can be used to send Syslog to FortiSIEM? (Choose three answers)

  • A. UDP 162
  • B. UDP 514
  • C. TCP 1470
  • D. TCP 514
  • E. UDP 9999

Question #9

Which database stores anomaly baseline data calculated for many parameters, such as traffic and device resource usage profiles, running averages, and standard deviation values? (Choose one answer)

  • A. SVN DB
  • B. Profile DB
  • C. Event DB
  • D. CMDB

Question #10

Which protocol do collectors use to communicate with a FortiSIEM cluster? (Choose one answer)

  • A. Syslog
  • B. SNMP
  • C. HTTPS
  • D. SMTP