Practice Free NSE5_FSM-6.3 Exam Online Questions
Consider the storage of anomaly baseline data that is calculated for different parameters.
Which database is used for storing this data?
- A . Event DB
- B . Profile DB
- C . SVNDB
- D . CMDB
Refer to the exhibit.
A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.
Based on the selected filters shown in the exhibit, why are there no search results?
- A . The keyword is case sensitive. Instead of typing TCP in the Value field, the administrator should type tcp.
- B . In the Time section, the administrator selected the Relative Last option, and in the drop-down lists, selected 2 and Hours as the time period. The time period should be 24 hours.
- C . The administrator selected – in the Operator column. That is the wrong operator.
- D . The administrator selected AND in the Next drop-down list. This is the wrong boolean operator.
If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?
- A . A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
- B . A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated.
- C . The Incident Count value increases, and the First Seen and Last Seen times update.
- D . The incident status changes to Repeated, and the First Seen and Last Seen times are updated.
In FortiSIEM enterprise licensing mode, if the link between the collector and the data center FortiSIEM cluster is down, what happens?
- A . The collector drops incoming events like syslog, but stops performance collection.
- B . The collector processes stop, and events are dropped.
- C . The collector continues performance collection of devices, but stops receiving syslog.
- D . The collector buffers events
Refer to the exhibit.
The FortiSIEM administrator is examining events for two devices to investigate an issue. However, the administrator is not getting any results from their search.
Based on the selected filters shown in the exhibit, why is the search returning no results?
- A . Parentheses are missing.
- B . The wrong boolean operator is selected in the Next column.
- C . The wrong option is selected in the Operator column.
- D . An invalid IP subnet is typed in the Value column.
Refer to the exhibit.
An administrator is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit. However, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?
- A . Matched Events COUNT()
- B . Matched Events(COUNT)
- C . COUNT(Matched Events)
- D . (COUNT) Matched Events
Refer to the exhibit.
A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?
- A . Unique attributes cannot be grouped.
- B . The Event Receive Time attribute is not available for logs.
- C . The attribute COUNT(Matched events) is an invalid expression.
- D . No RAW Event Log attribute is available for devices.