In FortiSIEM enterprise licensing mode, if the link between the collector and data center FortiSIEM cluster is down, what happens?

In FortiSIEM enterprise licensing mode, if the link between the collector and data center FortiSIEM cluster is down, what happens?
A. The collector drops incoming events like syslog, but stops performance collection.
B. The collector processes stop, and events are dropped.
C. The collector continues performance collection of devices, but...

February 14, 2025

Which two FortiSIEM components work together to provide real-time event correlation?

Which two FortiSIEM components work together to provide real-time event correlation?
A. Supervisor and worker
B. Collector and Windows agent
C. Worker and collector
D. Supervisor and collector
Answer: C
Explanation: FortiSIEM Architecture: The FortiSIEM architecture includes several components such as Supervisors, Workers, Collectors, and Agents, each playing a distinct...

February 13, 2025

Which FortiSIEM feature must you use to produce a report on which FortiGate devices in your environment are running which firmware version?

Which FortiSIEM feature must you use to produce a report on which FortiGate devices in your environment are running which firmware version?
A. Run an analytic search.
B. Run a query using the Inventory tab.
C. Run a baseline report.
D. Run a CMDB report
Answer: B
Explanation: Feature Overview:...

January 26, 2025

Which value will FortiSIEM use to populate the Event Type field?

Refer to the exhibit. Which value will FortiSIEM use to populate the Event Type field?
A. PHL_INFO
B. phPerfJob
C. PH_DSV_MON_SYS_DISK_UTIL
D. diskUtil
Answer: A
Explanation: Event Type Population: In FortiSIEM, the Event Type field is populated based on specific identifiers within the raw message or event log. Raw Message...

January 20, 2025

Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?
A. CMDB Report Conditions
B. Data Conditions
C. UI Access
Answer: B

September 30, 2023

What components should an administrator consider deploying to assist the supervisor with processing data?

A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?
A. Supervisor
B. Worker
C. Collector
D. Agent
Answer: B

September 30, 2023

Which FortiSIEM components are capable of performing device discovery?

Which FortiSIEM components are capable of performing device discovery?
A. FortiSIEM Windows agent
B. Worker
C. FortiSIEM Linux agent
D. Collector
Answer: D

September 28, 2023

In FortiSIEM enterprise licensing mode, if the link between the collector and data center FortiSIEM cluster is down, what happens?

In FortiSIEM enterprise licensing mode, if the link between the collector and data center FortiSIEM cluster is down, what happens?
A. The collector drops incoming events like syslog, but stops performance collection
B. The collector continues performance collection of devices, but stops receiving syslog
C. The collector buffers events
D. ...

September 27, 2023

What is a prerequisite for FortiSIEM Linux agent installation?

What is a prerequisite for FortiSIEM Linux agent installation?
A. The web server must be installed on the Linux server being monitored
B. The auditd service must be installed on the Linux server being monitored
C. The Linux agent manager server must be installed.
D. Both the web server and...

September 27, 2023

If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?

If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?
A. Down status is assigned because of packet loss.
B. Up status is assigned because of received packets
C. Critical status is assigned because of reduction...

September 24, 2023