● NSE 5 - FortiSIEM 6.3 Exam Materials
Please note that the exam "NSE 5 - FortiSIEM 6.3 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have made it free to view.
It has been replaced by the exam "NSE 6 - FortiSIEM 7.2 Analyst Exam".
The new exam version is available on Brave-Dumps and can be purchased.
Question #51
Question #52
Refer to the exhibit. An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid. Which is the correct expression? (Choose one answer)
- A. Matched Events(COUNT)
- B. (COUNT) Matched Events
- C. COUNT(Matched Events)
- D. Matched Events COUNT()
Question #53
An administrator is using only an SNMP credential for the discovery of a Windows device.
How will FortiSIEM handle this?
(Choose one answer)
- A. FortiSIEM will apply a job to collect application event logs.
- B. FortiSIEM will apply a job to collect system event logs.
- C. FortiSIEM will apply a job to collect security event logs.
- D. FortiSIEM will apply system monitor jobs to collect resource data.
Question #54
If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard? (Choose one answer)
- A. Down status is assigned because of packet loss.
- B. Critical status is assigned because of reduction in number of packets received.
- C. Degraded status is assigned because of packet loss.
- D. Up status is assigned because of received packets.
Question #55
Refer to the exhibit.
The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search. Based on the selected filters shown in the exhibit, why is the search returning no results?
(Choose one answer)
- A. The wrong option is selected in the Operator column.
- B. Parentheses are missing.
- C. An invalid IP subnet is typed in the Value column.
- D. The wrong boolean operator is selected in the Next column.
Question #56
An administrator wants to search for events received from Linux and Windows agents.
Which attributes should the administrator use in search filters to view events received from agents only?
(Choose one answer)
- A. External Event Receive Raw Logs
- B. External Event Receive Agents
- C. Event Receive Protocol Agents
- D. External Event Receive Protocol
Question #57
What are the four categories of incidents? (Choose one answer)
- A. Performance, Device, High Risk, Low Risk
- B. Device, Users, High Risk, Low Risk
- C. Security, Change, High Risk, Low Risk
- D. Performance, Availability, Security, Change.
Question #58
Which list in FortiSIEM is dynamic by nature and allows the addition of values by the rules engine? (Choose one answer)
- A. Bad IP list
- B. Watch list
- C. Malware list
- D. Device list
Question #59
What does the pause icon indicate? (Choose one answer)
- A. The pause icon indicates that collection paused due to an issue, such as a change of password.
- B. The pause icon indicates that data collection paused after the intervals shown for metrics.
- C. The pause icon indicates that data collection execution failed because the device is not reachable.
- D. The pause icon indicates that data collection has not started.
Question #60
What is a prerequisite for FortiSIEM Linux agent installation? (Choose one answer)
- A. The web server must be installed on the Linux server being monitored.
- B. The audit service must be installed on the Linux server being monitored.
- C. The Linux agent manager server must be installed.
- D. Both the web server and the audit service must be installed on the Linux server being monitored.
Refer to the exhibit. If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed? (Choose one answer)