NSE5_FSM-5.2 Free Practice Test

A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

1. A. CMDB Report Conditions
2. B. Data Conditions
3. C. UI Access

Correct Answer: B

An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters, to view events received from agents only.

1. A. External Event Receive Protocol
2. B. Event Received Proto Agents
3. C. External Event Receive Raw Logs
4. D. External Event Receive Agents

Correct Answer: A

Which command displays the Linux agent status?

1. A. Service fsm-linux-agent status
2. B. Service Ao-linux-agent status
3. C. Service fortisiem-linux-agent status
4. D. Service linux-agent status

Correct Answer: C

In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

1. A. Time Window
2. B. Aggregation
3. C. Group By
4. D. Filters

Correct Answer: B

Which discovery scan type is prone to miss a device, if the device is quiet and the entry foe that device is not present in the ARP table of adjacent devices?

1. A. CMDB scan
2. B. L2 scan
3. C. Range scan
4. D. Smart scan

Correct Answer: D