SurePassExams NSE5_FSM-5.2 Dumps Real Exam Questions Test Engine Dumps Training [Q11-Q31]


Fortinet NSE5_FSM-5.2 exam dumps and online Test Engine

NEW QUESTION 11
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. UDP9999
  • B. TCP 514
  • C. UDP 514
  • D. TCP 1470
  • E. UDP 162

Answer: B,C,D

 

NEW QUESTION 12
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters, to view events received from agents only.

  • A. Event Received Proto Agents
  • B. External Event Receive Agents
  • C. External Event Receive Protocol
  • D. External Event Receive Raw Logs

Answer: C

 

NEW QUESTION 13
Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

  • A. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
  • B. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
  • C. The administrator selected = in the Operator column. That is the wrong operator.
  • D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.

Answer: C
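The point behind Q13 is the difference between an equality operator and a substring operator on the Raw Event Log attribute, combined with the relative time window. The Python below is an added example written for this page, not FortiSIEM code: it models one analytics filter with rows (attribute, operator, value), the Next column joining rows with AND/OR, and a Relative Last window on Event Receive Time. The operator names mirror FortiSIEM's filter operators, but their semantics here (= compares the whole field, CONTAIN is a substring test) are this toy's assumption, and the syslog lines and reporting IPs are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not real FortiGate traffic): receive time, reporting IP, raw text.
NOW = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

def _raw(t, srcip, dstip, dstport, proto, action, service):
    return (f'date={t:%Y-%m-%d} time={t:%H:%M:%S} devname="FGT60F-HQ" logid="0000000013" '
            f'type="traffic" subtype="forward" level="notice" vd="root" srcip={srcip} '
            f'dstip={dstip} dstport={dstport} proto={proto} action="{action}" service="{service}"')

def _event(t, reporting_ip, raw):
    return {"Event Receive Time": t, "Reporting IP": reporting_ip, "Raw Event Log": raw}

EVENTS = [
    _event(NOW - timedelta(minutes=5),  "192.0.2.1",
           _raw(NOW - timedelta(minutes=5),  "10.1.1.5", "203.0.113.10", 8443, 6, "accept", "tcp/8443")),
    _event(NOW - timedelta(minutes=30), "192.0.2.1",
           _raw(NOW - timedelta(minutes=30), "10.1.1.6", "10.2.0.9", 53, 17, "accept", "DNS")),
    _event(NOW - timedelta(minutes=50), "192.0.2.2",
           _raw(NOW - timedelta(minutes=50), "10.1.1.7", "10.2.0.9", 2222, 6, "deny", "tcp/2222")),
    _event(NOW - timedelta(hours=3),    "192.0.2.1",
           _raw(NOW - timedelta(hours=3),    "10.1.1.9", "203.0.113.10", 8443, 6, "accept", "tcp/8443")),
]

# Operator semantics as assumed by this example: "=" compares the whole attribute value,
# CONTAIN is a case-sensitive substring test.
OPERATORS = {
    "=":           lambda field, value: field == value,
    "!=":          lambda field, value: field != value,
    "CONTAIN":     lambda field, value: value in field,
    "NOT CONTAIN": lambda field, value: value not in field,
}

def row_matches(event, row):
    attribute, operator, value = row
    return OPERATORS[operator](event[attribute], value)

def search(events, rows, joiners=(), last=None, now=NOW):
    """rows: [(attribute, operator, value), ...]; joiners: 'AND'/'OR' between consecutive rows
    (the Next column), combined left to right; last: timedelta for the Relative Last window."""
    assert len(joiners) == len(rows) - 1, "one joiner between each pair of rows"
    hits = []
    for ev in events:
        if last is not None and ev["Event Receive Time"] < now - last:
            continue  # outside the relative time window
        verdict = row_matches(ev, rows[0])
        for joiner, row in zip(joiners, rows[1:]):
            m = row_matches(ev, row)
            verdict = (verdict and m) if joiner == "AND" else (verdict or m)
        if verdict:
            hits.append(ev)
    return hits

def keyword_search(events, operator, keyword="tcp", hours=2):
    """The Q13 scenario: a single filter row on Raw Event Log over the last N hours."""
    return search(events, [("Raw Event Log", operator, keyword)], last=timedelta(hours=hours))

def tcp_from_reporter(events, joiner, reporting_ip="192.0.2.1", hours=2):
    """Two rows joined through the Next column: Raw Event Log CONTAIN tcp <joiner> Reporting IP = ip."""
    rows = [("Raw Event Log", "CONTAIN", "tcp"), ("Reporting IP", "=", reporting_ip)]
    return search(events, rows, [joiner], last=timedelta(hours=hours))

if __name__ == "__main__":
    print(len(keyword_search(EVENTS, "=")))        # 0: no raw line is exactly "tcp"
    print(len(keyword_search(EVENTS, "CONTAIN")))  # 2: substring hits in the last 2 hours
```

With = the raw line would have to be exactly "tcp", so the result set is empty however wide the time window is; switching the operator to CONTAIN returns the two lines received within the last two hours, and widening the window to 24 hours adds the three-hour-old line as well.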

 

NEW QUESTION 14
Refer to the exhibit.

An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

  • A. (COUNT) Matched Events
  • B. Matched Events COUNT()
  • C. Matched Events(COUNT)
  • D. COUNT(Matched Events)

Answer: D

 

NEW QUESTION 15
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters, to view events received from agents only.

  • A. Event Received Proto Agents
  • B. External Event Receive Protocol
  • C. External Event Receive Agents
  • D. External Event Receive Raw Logs

Answer: B

 

NEW QUESTION 16
Which item is required to register a FortiSIEM appliance license?

  • A. Static MAC address
  • B. Static Hardware ID
  • C. Static storage
  • D. Static IP address

Answer: B

 

NEW QUESTION 17
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. LDAP start TLS
  • B. WMI
  • C. LDAPS
  • D. TELNET

Answer: B

 

NEW QUESTION 18
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Eight results will be displayed
  • B. Two results will be displayed
  • C. Unique attributes cannot be grouped
  • D. Four results will be displayed

Answer: C

 

NEW QUESTION 19
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Through auto log discovery
  • B. Through syslog discovery
  • C. Through GUI log discovery
  • D. Using the pull events method

Answer: A

 

NEW QUESTION 20
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. Unique attributes cannot be grouped.
  • B. No RAW Event Log attribute is available for devices.
  • C. The Event Receive Time attribute is not available for logs.
  • D. The attribute COUNT(Matched event) is an invalid expression.

Answer: A

 

NEW QUESTION 21
Which database stores anomaly data calculated for parameters such as traffic and device resource usage running averages and standard deviation values?

  • A. CMDB
  • B. SVN DB
  • C. Event DB
  • D. Profile DB

Answer: D

 

NEW QUESTION 22
Device discovery information is stored in which database?

  • A. Profile DB
  • B. SVN DB
  • C. Event DB
  • D. CMDB

Answer: D

 

NEW QUESTION 23
A FortiSIEM supervisor at headquarters is struggling to keep up with an increase in EPS (events per second) being reported across the enterprise. Which component should an administrator consider deploying to assist the supervisor with processing data?

  • A. Supervisor
  • B. Collector
  • C. Worker
  • D. Agent

Answer: C

 

NEW QUESTION 24
What are the four categories of incidents?

  • A. Performance, devices, high risk, and low risk
  • B. Performance, availability, security, and change
  • C. Security, change, high risk, and low risk
  • D. Devices, users, high risk, and low risk

Answer: B

 

NEW QUESTION 25
To determine SNMP discovery issues, which is the best command from the backend?

  • A. snmptest
  • B. ssh
  • C. snmpwalk
  • D. phSNMPTest

Answer: C

 

NEW QUESTION 27
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

  • A. Group By
  • B. Time Window
  • C. Aggregation
  • D. Filters

Answer: C

 

NEW QUESTION 28
Which process converts raw log data to structured data?

  • A. Data classification
  • B. Data enrichment
  • C. Data parsing
  • D. Data validation

Answer: C
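Q27 and Q28 describe the pipeline from raw text to a fired rule: parsing turns the raw log into attributes, then a rule applies Filters, Group By and an Aggregation such as COUNT(Matched Events) (the expression from Q14) inside a Time Window. The Python below is an added example written for this page, not FortiSIEM's parser or rules engine: it parses FortiGate-style key=value syslog lines into attributes and evaluates a "repeated denies from one source" rule over them. The sample lines, the attribute names and the Event Type naming scheme are constructed for the example, and the stages are a simplification of how FortiSIEM processes events. It also shows what happens when a unique attribute such as Event Receive Time is put in Group By (Q18, Q20): every event becomes its own group, so the grouping summarises nothing.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# --- Parsing: raw FortiGate-style key=value syslog text -> structured attributes ----------
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(raw):
    """Turn 'key=value key="quoted value"' text into a dict of strings."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(raw)}

def to_event(recv_time, reporting_ip, raw):
    """Map parsed fields onto GUI-style attribute names. The Event Type naming is invented here."""
    a = parse_kv(raw)
    return {
        "Event Receive Time": recv_time,
        "Reporting IP": reporting_ip,
        "Source IP": a.get("srcip"),
        "Destination IP": a.get("dstip"),
        "Event Type": f"FortiGate-{a.get('type')}-{a.get('subtype')}-{a.get('action')}",
        "Raw Event Log": raw,
    }

# --- Rule stages: Filters -> Group By -> Aggregation inside a Time Window ------------------
def group_count(events, group_by):
    """COUNT(Matched Events) per distinct combination of the Group By attributes."""
    counts = defaultdict(int)
    for ev in events:
        counts[tuple(ev[k] for k in group_by)] += 1
    return dict(counts)

def evaluate_rule(events, filter_fn, group_by, threshold, window, now):
    """Return the groups whose COUNT(Matched Events) reaches the threshold inside the window."""
    in_window = [ev for ev in events if now - window <= ev["Event Receive Time"] <= now]
    matched = [ev for ev in in_window if filter_fn(ev)]
    return {g: n for g, n in group_count(matched, group_by).items() if n >= threshold}

# --- Constructed sample data (not real traffic) --------------------------------------------
NOW = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

def sample_line(t, srcip, dstip, dstport, action):
    return (f'date={t:%Y-%m-%d} time={t:%H:%M:%S} devname="FGT60F-HQ" logid="0000000013" '
            f'type="traffic" subtype="forward" level="notice" vd="root" srcip={srcip} '
            f'dstip={dstip} dstport={dstport} proto=6 action="{action}" service="tcp/{dstport}"')

SAMPLE = [  # (minutes before NOW, seconds, srcip, dstip, dstport, action)
    (9, 0, "10.1.1.5", "10.2.0.9", 22, "deny"),
    (8, 0, "10.1.1.5", "10.2.0.9", 23, "deny"),
    (7, 0, "10.1.1.5", "10.2.0.9", 445, "deny"),
    (6, 0, "10.1.1.5", "10.2.0.9", 3389, "deny"),
    (5, 0, "10.1.1.5", "10.2.0.9", 8443, "deny"),
    (6, 30, "10.1.1.5", "203.0.113.10", 443, "accept"),
    (7, 30, "10.1.1.7", "10.2.0.9", 22, "deny"),
    (3, 50, "10.1.1.7", "10.2.0.9", 443, "deny"),
    (30, 0, "10.1.1.5", "10.2.0.9", 21, "deny"),   # too old for a 10-minute window
]
EVENTS = [to_event(NOW - timedelta(minutes=m, seconds=s), "192.0.2.1",
                   sample_line(NOW - timedelta(minutes=m, seconds=s), src, dst, port, act))
          for m, s, src, dst, port, act in SAMPLE]

def denied_scan_sources(events, threshold=5, window_minutes=10, now=NOW):
    """Rule: Filters = Event Type ends in deny; Group By = Source IP;
    Aggregation = COUNT(Matched Events) >= threshold; Time Window = window_minutes."""
    return evaluate_rule(events, lambda ev: ev["Event Type"].endswith("-deny"),
                         ["Source IP"], threshold, timedelta(minutes=window_minutes), now)

if __name__ == "__main__":
    print(denied_scan_sources(EVENTS))                        # {('10.1.1.5',): 5}
    print(len(group_count(EVENTS, ["Source IP"])))            # 2 groups
    print(len(group_count(EVENTS, ["Event Receive Time"])))   # 9: one group per event
```

The parser is the stage that makes the rule possible at all: without srcip and action as attributes, the rule could only do keyword matching on the raw text. Note that the rule's result changes with the window alone (10 minutes counts five denies from 10.1.1.5, 60 minutes counts six), which is why the Time Window is part of the rule definition and not of the filter.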

 

NEW QUESTION 29
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Three results will be displayed.
  • B. Seven results will be displayed.
  • C. Five results will be displayed.
  • D. Unique attribute cannot be grouped.

Answer: C

 

NEW QUESTION 30
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was applied during discovery, but data collection has not started.
  • B. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
  • C. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.
  • D. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.

Answer: C

 

NEW QUESTION 31
......

Fortinet NSE5_FSM-5.2: Selling NSE 5 Network Security Analyst Products and Solutions: https://certmagic.surepassexams.com/NSE5_FSM-5.2-exam-bootcamp.html