NSE5_FSM-5.2試験無料問題集（43題）「Fortinet NSE 5

NSE5_FSM-5.2試験無料問題集「Fortinet NSE 5 - FortiSIEM 5.2 認定」

出題：1

What protocol can be used to collect Windows event logs in an agentless method?

A. SMTP

B. SNMP

C. WMI

D. SSH

正解：C 解答を投票する

出題：2

Refer to the exhibit.

Three events are collected over a 10-minutc time period from two servers Server A and Server B.
Based on the settings being used for the rule subpattern. how many incidents will the servers generate?

A. Server B will generate one incident and Server A will not generate any incidents

B. Server A will not generate any incidents and Server B will not generate any incidents

C. Server A will generate one incident and Server B will not generate any incidents

D. Server A will generate one incident and Server B wifl generate one incident

正解：B 解答を投票する

出題：3

Refer to the exhibit.

A FortiSlEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?

A. No RAW Event Log attribute is available for devices.

B. The Event Receive Time attribute is not available for logs.

C. The attribute COUNT(Matched event) is an invalid expression.

D. Unique attributes cannot be grouped.

正解：D 解答を投票する

出題：4

An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

A. Postfix-Mail-Slop

B. PH_DEV_MON_PROC_STOP

C. Generic_SMTP_Process_Exit

D. PH_DEV_MON_SMTP_STOP

正解：B 解答を投票する