NSE5_FSM-5.2 Free Practice Test

If a performance rule is triggered repeatedly due to high CPU use. what occurs m the incident table?

1. A. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
2. B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
3. C. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated
4. D. The Incident Count value increases, and the First Seen and Last Seen tomes update

Correct Answer: A

Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp . However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?

1. A. The keyword is case sensitive Instead of typing TCP in the Value fiel
2. B. the administrator should type tcp.
3. C. In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the lime period The time period should be 24 hours.
4. D. The administrator selected - in the Operator column That a the wrong operator.
5. E. The administrator selected AND in the Next drop-down lis
6. F. This is the wrong boolean operator.

Correct Answer: C

A FortiSIEM supervisor at headquarters is struggling to keep up with an increase of EPS (Events Per Second) being reported across the enterprise. What components should an administrator consider deploying to assist the supervisor with processing data?

1. A. Supervisor
2. B. Worker
3. C. Collector
4. D. Agent

Correct Answer: B

What are the four categories of incidents?

1. A. Devices, users, high risk, and low risk
2. B. Performance, availability, security, and change
3. C. Performance, devices, high risk, and low risk
4. D. Security, change, high risk, and low risk

Correct Answer: B

Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

1. A. Matched Events COUNT()
2. B. Matched Events(COUNT)
3. C. COUNT(Matched Events)
4. D. (COUNT) Matched Events

Correct Answer: C