● NSE 5 - FortiSIEM 6.3 Exam Materials
Please note that the exam "NSE 5 - FortiSIEM 6.3 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 - FortiSIEM 7.2 Analyst Exam"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 6 - FortiSIEM 7.2 Analyst Exam"
The new exam version is available on Brave-Dumps and can be purchased.
Question #21
Question #22
Refer to the exhibit.
How was the FortiGate device discovered by FortiSIEM?
(Choose one answer)
- A. Through auto log discovery
- B. Through syslog discovery
- C. Using the pull events method
- D. Through GUI log discovery
Question #23
Refer to the exhibit.
A FortiSIEM administrator wants to group some attributes for a report but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?
(Choose one answer)
- A. Unique attribute cannot be grouped.
- B. The attribute COUNT(Matched events) is an invalid expression.
- C. The Event Receive Log Time attribute is not available for logs
- D. No RAW Event Log attribute is available for devices
Question #24
A FortiSIEM administrator wants to collect both SIEM events logs and performance and availability metrics (PAM) events from a Microsoft Windows server.
Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?
(Choose one answer)
- A. TELNET
- B. WMI
- C. LDAPS
- D. LDAP star TLS
Question #25
What do the yellow stars listed in the Monitor column indicate? (Choose one answer)
- A. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
- B. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.
- C. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
- D. A yellow star indicates that a metric was applied during discovery, but data collection has not started.
Question #26
If an incident’s status is Cleared, what does this mean? (Choose one answer)
- A. A security rule issue has been resolved.
- B. Two hours have passed since the incident occurred and the incident has not reoccurred.
- C. The incident was cleared by an operator.
- D. A clear condition set on a rule was satisfied.
Question #27
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type? (Choose one answer)
- A. PH_DEV_MON_PROC_STOP
- B. Postfix-Mail-Stop
- C. Generic_SMTP_Process_Exit
- D. PH_DEV_MON_SMTP_STOP
Question #28
If events are grouped by Reporting IP, Event Type, and User attributes in FortiSIEM, how many results will be displayed? (Choose one answer)
- A. Five results will be displayed.
- B. Seven results will be displayed.
- C. Three results will be displayed.
- D. No results will be displayed.
Question #29
Which process converts Raw log data to structured data? (Choose one answer)
- A. Data parsing
- B. Data validation
- C. Data classification
- D. Data enrichment
Question #30
What are the four possible incident status values? (Choose one answer)
- A. Active, Closed, Manual, Resolved
- B. Active, Closed, Cleared, Open
- C. Active, Cleared, Cleared manually, System cleared
- D. Active, Auto cleared, Manual, False positive
Which two FortiSIEM components work together to provide real-time event correlation? (Choose one answer)