Updated Free Fortinet NSE5_FSM-5.2 Test Engine Questions with 43 Q&As [Q13-Q38]

NEW QUESTION 13
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

  • A. Filters
  • B. Group By
  • C. Time Window
  • D. Aggregation

Answer: D


NEW QUESTION 14
Refer to the exhibit.

A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

  • A. Unique attributes cannot be grouped.
  • B. The Event Receive Time attribute is not available for logs.
  • C. The attribute COUNT(Matched event) is an invalid expression.
  • D. No RAW Event Log attribute is available for devices.

Answer: A


NEW QUESTION 15
Which discovery scan type is prone to miss a device if the device is quiet and the entry for that device is not present in the ARP table of adjacent devices?

  • A. CMDB scan
  • B. L2 scan
  • C. Range scan
  • D. Smart scan

Answer: D


NEW QUESTION 16
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
  • B. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
  • C. A yellow star indicates that a metric was applied during discovery, but data collection has not started.
  • D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.

Answer: C


NEW QUESTION 17
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

  • A. CMDB Report Conditions
  • B. UI Access
  • C. Data Conditions

Answer: C


NEW QUESTION 18
Refer to the exhibit.

If events are grouped by Reporting IP, Event Type, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Three results will be displayed.
  • B. Unique attributes cannot be grouped.
  • C. Seven results will be displayed.
  • D. Five results will be displayed.

Answer: D


NEW QUESTION 19
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance when the proprietary flat file database is used?

  • A. 64GB RAM
  • B. 16GB RAM
  • C. 32GB RAM
  • D. 24GB RAM

Answer: D


NEW QUESTION 20
Which two export methods are available for FortiSIEM analytics results? (Choose two.)

  • A. PDF
  • B. CSV
  • C. HTML
  • D. PNG

Answer: A,B


NEW QUESTION 21
Which FortiSIEM components can perform performance and availability monitoring?

  • A. Supervisor, worker, and collector
  • B. Collectors only
  • C. Supervisor only
  • D. Supervisor and workers only

Answer: A


NEW QUESTION 22
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. TCP 514
  • B. UDP 514
  • C. TCP 1470
  • D. UDP 9999
  • E. UDP 162

Answer: A,B,C


NEW QUESTION 23
Refer to the exhibit.

What do the yellow stars listed in the Monitor column indicate?

  • A. A yellow star indicates that a metric was applied during discovery, but FortiSIEM is unable to collect data.
  • B. A yellow star indicates that a metric was applied during discovery, and data has been collected successfully.
  • C. A yellow star indicates that a metric was applied during discovery, but data collection has not started.
  • D. A yellow star indicates that a metric was not applied during discovery and, therefore, FortiSIEM was unable to collect data.

Answer: D


NEW QUESTION 24
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Using the pull events method
  • B. Through syslog discovery
  • C. Through auto log discovery
  • D. Through GUI log discovery

Answer: D


NEW QUESTION 25
A FortiSIEM supervisor at headquarters is struggling to keep up with an increase in EPS (events per second) being reported across the enterprise. Which component should an administrator consider deploying to assist the supervisor with processing data?

  • A. Supervisor
  • B. Worker
  • C. Collector
  • D. Agent

Answer: B


NEW QUESTION 26
Which protocol can be used to collect Windows event logs using an agentless method?

  • A. SMTP
  • B. WMI
  • C. SSH
  • D. SNMP

Answer: B


NEW QUESTION 27
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server. Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

  • A. LDAPS
  • B. LDAP start TLS
  • C. WMI
  • D. TELNET

Answer: D


NEW QUESTION 28
What is a prerequisite for a FortiSIEM supervisor-with-worker deployment that uses the proprietary flat file database?

  • A. The event database must be on NFS
  • B. The CMDB database must be on NFS
  • C. The event database must be on a local disk
  • D. The \archive mount must be on a local disk

Answer: A


NEW QUESTION 29
Which three ports can be used to send Syslogs to FortiSIEM? (Choose three.)

  • A. UDP 514
  • B. TCP 1470
  • C. UDP 9999
  • D. TCP 514
  • E. UDP 162

Answer: A,B,E


NEW QUESTION 30
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

  • A. Eight results will be displayed
  • B. Two results will be displayed
  • C. Four results will be displayed
  • D. Unique attributes cannot be grouped

Answer: D


NEW QUESTION 31
Refer to the exhibit.

The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search.
Based on the selected filters shown in the exhibit, why is the search returning no results?

  • A. Parentheses are missing
  • B. The wrong boolean operator is selected in the Next column
  • C. An invalid IP subnet is typed in the Value column
  • D. The wrong option is selected in the Operator column

Answer: B


NEW QUESTION 32
Refer to the exhibit.

FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

  • A. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
  • B. The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
  • C. The administrator selected - in the Operator column. That is the wrong operator.
  • D. The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.

Answer: C


NEW QUESTION 33
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

  • A. Group By
  • B. Aggregation
  • C. Filters
  • D. Time Window

Answer: A


NEW QUESTION 34
If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

  • A. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
  • B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
  • C. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated.
  • D. The Incident Count value increases, and the First Seen and Last Seen times update.

Answer: A


NEW QUESTION 35
Refer to the exhibit.

How was the FortiGate device discovered by FortiSIEM?

  • A. Using the pull events method
  • B. Through syslog discovery
  • C. Through auto log discovery
  • D. Through GUI log discovery

Answer: D


NEW QUESTION 36
Which process converts raw log data to structured data?

  • A. Data enrichment
  • B. Data parsing
  • C. Data validation
  • D. Data classification

Answer: C


NEW QUESTION 37
......
