Fortinet NSE5_FSM-6.3 Practice Questions

Device discovery information is stored in which database?

A. CMDB

B. Profile DB

C. Event DB

D. SVN DB

Consider the storage of anomaly baseline date that is calculated for different parameters. Which database is used for storing this data?

A. Event DB

B. Profile DB

C. SVNDB

D. CMDB

How is a subpattern for a rule defined?

A. Filters, Aggregation, Group by definitions

B. Filters, Group By definitions, Threshold

C. Filters, Threshold, Time Window definitions

D. Filters, Aggregation, Time Window definitions

An administrator wants to search for events received from Linux and Windows agents. Which attribute should the administrator use in search filters, to view events received from agents only.

A. External Event Receive Protocol

B. Event Received Proto Agents

C. External Event Receive Raw Logs

D. External Event Receive Agents

Refer to the exhibit.

Which section contains the sortings that determine how many incidents are created?

A. Actions

B. Group By

C. Aggregate

D. Filters

FortiSIEM is deployed in disaster recovery mode. When disaster strikes, which two tasks must you perform manually to achieve a successful disaster recovery operation? (Choose two.)

A. Promote the secondary workers to the primary roles using the phSecworker2priworker command.

B. Promote the secondary supervisor to the primary role using the phSecondary2primary command.

C. Change the DNS configuration to ensure that users, devices, and collectors log in to the secondary FortiSIEM.

D. Change the configuration for shared storage NFS configured for EventDB to the secondary FortiSIEM.

In the advanced analytical rules engine in FortiSIEM, multiple subpatterms can be referenced using which three operation?(Choose three.)

A. ELSE

B. NOT

C. FOLLOWED_BY

D. AND