● NSE 5 - FortiSIEM 6.3 Exam Materials
Please note that the exam "NSE 5 - FortiSIEM 6.3 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 - FortiSIEM 7.2 Analyst Exam"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 6 - FortiSIEM 7.2 Analyst Exam"
The new exam version is available on Brave-Dumps and can be purchased.
Question #61
Question #62
When configuring collectors located in geographically separated sites, what ports must
be open on a front end firewall?
(Choose one answer)
- A. HTTPS, from the collector to the worker upload settings address only
- B. HTTPS, from the collector to the supervisor and worker upload settings addresses
- C. HTTPS, from the Internet to the collector
- D. HTTPS, from the Internet to the collector and from the collector to the FortiSIEM cluster
Question #63
Refer to the exhibit.
The output shows that the license is in which condition?
(Choose one answer)
- A. The license is invalid.
- B. The license is in an active state.
- C. The license is supported.
- D. The offline registration of the license is successful.
Question #64
In FortiSIEM enterprise licensing mode, if the link between the collector and data center FortiSIEM cluster is down, what happens? (Choose one answer)
- A. The collector buffers events.
- B. The collector processes stop, and events are dropped.
- C. The collector drops incoming events like syslog, but stops performance collection.
- D. The collector continues performance collection of devices, but stops receiving syslog.
Question #65
Which FortiSIEM feature must you use to produce a report on which FortiGate devices in
your environment are running which firmware version?
(Choose one answer)
- A. Run a CMDB report
- B. Run an analytic search.
- C. Run a query using the Inventory tab.
- D. Run a baseline report
Question #66
Refer to the exhibit.
Which section contains the settings that determine how many incidents are created?
(Choose one answer)
- A. Filters
- B. Group By
- C. Actions
- D. Aggregate
Question #67
Which statement about global thresholds and per device thresholds is true? (Choose one answer)
- A. FortiSIEM uses global thresholds for all security metrics
- B. FortiSIEM uses fixed hardcoded thresholds for all performance metrics.
- C. FortiSIEM uses global and per device thresholds for all performance metrics
- D. FortiSIEM uses global thresholds for all performance metrics
Question #68
An administrator is configuring FortiSIEM to discover network devices and receive syslog
from network devices.
Which statement is correct?
(Choose one answer)
- A. FortiSIEM uses privileged credentials to log in to devices and make network configuration changes.
- B. FortiSIEM automatically configures network devices to send syslog using the auto log discovery process.
- C. Syslog configuration must be done manually on devices by the network administrator
- D. FortiSIEM automatically configures network devices to send syslog using the GUI discovery process.
Question #69
Which is a requirement for implementing FortiSIEM disaster recovery? (Choose one answer)
- A. All worker nodes must access both supervisor nodes using IP.
- B. SNMP, and WMI ports must be open between the two supervisor nodes.
- C. DNS names must be used for the worker upload addresses.
- D. The two supervisor nodes must have layer 2 connectivity.
Question #70
An administrator is in the process of renewing a FortiSIEM license.
Which two commands will provide the system ID?
(Choose two answers)
- A. ./phLicenseTool-show
- B. ./phLicenseTool -support
- C. phgetHWID
- D. phgetUUID
Refer to the exhibit.
Which value will FortiSIEM use to populate the Event Type field? (Choose one answer)