● NSE 5 - FortiSIEM 6.3 Exam Materials

Please note that the exam "NSE 5 - FortiSIEM 6.3 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
It has been replaced by the exam "NSE 6 - FortiSIEM 7.2 Analyst Exam".

Question #11

In which state can a device be moved into the CMDB to prevent monitoring log collection? (Choose one answer)

  • A. Void
  • B. Pending
  • C. Unapproved
  • D. Unmanaged

Question #12

Which FortiSIEM components are capable of performing device discovery? (Choose one answer)

  • A. FortiSIEM Windows agent
  • B. Worker
  • C. Collector
  • D. FortiSIEM Linux agent

Question #13

If FortiSIEM supervisor is deployed with the worker using the proprietary flat file database, which action is required? (Choose one answer)

  • A. A separate network interface must be used for the storage network
  • B. Collectors must be deployed
  • C. A FortiSIEM service provider license must be obtained
  • D. An event database must be placed on NFS

Question #14

What can you do with rules on FortiSIEM? (Choose one answer)

  • A. Only activate or de-activate multiple rules
  • B. Only view, edit, and activate a single rule one time
  • C. Only change the severity of multiple rules
  • D. Change the severity of multiple rules, and activate or de-activate multiple rules

Question #15

Refer to the exhibits.
Three events are collected over a 10-minute time period from two servers: Server A and Server B.
Based on the settings for the rule subpattern, how many incidents will the servers generate? (Choose one answer)

  • A. Server A will not generate any incidents and Server B will not generate any incidents.
  • B. Server A will generate one incident and Server A will not generate any incidents.
  • C. Server A will generate one incident and Server B will generate one incident.
  • D. Server B will generate one incident and Server A will not generate any incidents.

Question #16

Refer to the exhibit.

Which value will FortiSIEM use to populate the Connection Id field? (Choose one answer)

  • A. 134
  • B. 408228
  • C. 33909
  • D. The connection ID is not in the raw message.

Question #17

What action must you take to produce a report that indicates which OS version the Windows servers in your environment are running on? (Choose one answer)

  • A. Run an analytic search
  • B. Run a CMDB report
  • C. Use the inventory tab to run a query
  • D. Run a baseline report

Question #18

Which process runs for the Windows FortiSIEM agent? (Choose one answer)

  • A. FortiSIEMwinAgt.exe
  • B. AoWinAgt.exe
  • C. WAwinAgt.exe
  • D. FsmWinAgt.exe

Question #19

Which two FortiSIEM components can perform discovery? (Choose two answers)

  • A. Super
  • B. Collector
  • C. Worker
  • D. FortiSIEM Windows Agent

Question #20

In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data? (Choose one answer)

  • A. Group By
  • B. Aggregation
  • C. Time Window
  • D. Filters