[2022年03月21日] 最新版を今すぐ試そうNSE5_FSM-5.2練習テスト問題解答
NSE5_FSM-5.2問題集と試験テストエンジン
質問 23
What is a prerequisite for FortiSIEM Linux agent installation?
- A. Both the web server and the audit service must be installed on the Linux server being monitored
- B. The auditd service must be installed on the Linux server being monitored
- C. The web server must be installed on the Linux server being monitored
- D. The Linux agent manager server must be installed.
正解: A
質問 24
Device discovery information is stored in which database?
- A. Event DB
- B. Profile DB
- C. SVN DB
- D. CMDB
正解: D
質問 25
Which command displays the Linux agent status?
- A. Service fsm-linux-agent status
- B. Service linux-agent status
- C. Service Ao-linux-agent status
- D. Service fortisiem-linux-agent status
正解: D
質問 26
Refer to the exhibit.
How was the FortiGate device discovered by FortiSIEM?
- A. Using the pull events method
- B. Through GUI log discovery
- C. Through syslog discovery
- D. Through auto log discovery
正解: B
質問 27
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
- A. Group By
- B. Time Window
- C. Filters
- D. Aggregation
正解: A
質問 28
Which FortiSIEM components can do performance availability and performance monitoring?
- A. Supervisor and workers only
- B. Supervisor only
- C. Supervisor, worker, and collector
- D. Collectors only
正解: C
質問 29
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters, to view events received from agents only.
- A. External Event Receive Agents
- B. External Event Receive Protocol
- C. External Event Receive Raw Logs
- D. Event Received Proto Agents
正解: C
質問 30
Refer to the exhibit.
If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?
- A. Two results will be displayed
- B. Four results will be displayed
- C. Unique attributes cannot be grouped
- D. Eight results will be displayed
正解: C
質問 31
Refer to the exhibit.
If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?
- A. Two results will be displayed
- B. Four results will be displayed
- C. Unique attributes cannot be grouped
- D. Eight results will be displayed
正解: C
質問 32
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
- A. Aggregation
- B. Time Window
- C. Filters
- D. Group By
正解: A
質問 33
Which two FortiSIEM components work together to provide real-time event correlation?
- A. Supervisor and collector
- B. Worker and collector
- C. Supervisor and worker
- D. Collector and Windows agent
正解: A
質問 34
If an incident's status is Cleared, what does this mean?
- A. Two hours have passed since the incident occurred and the incident has not reoccurred.
- B. A security rule issue has been resolved.
- C. A clear condition set on a rule was satisfied.
- D. The incident was cleared by an operator.
正解: A
質問 35
If a performance rule is triggered repeatedly due to high CPU use. what occurs m the incident table?
- A. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times are updated
- B. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
- C. A new incident is created each time the rule is triggered, and the First Seen and Last Seen times are updated.
- D. The Incident Count value increases, and the First Seen and Last Seen tomes update
正解: C
質問 36
Which process converts Raw log data to structured data?
- A. Data enrichment
- B. Data classification
- C. Data validation
- D. Data parsing
正解: C
質問 37
Refer to the exhibit.
An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?
- A. (COUNT) Matched Events
- B. COUNT(Matched Events)
- C. Matched Events(COUNT)
- D. Matched Events COUNT()
正解: B
質問 38
What operating system is FortiSIEM based on?
- A. Cent OS
- B. Ubuntu
- C. Microsoft Windows
- D. RedHat
正解: A
質問 39
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?
- A. PH_DEV_MON_PROC_STOP
- B. Generic_SMTP_Process_Exit
- C. Postfix-Mail-Slop
- D. PH_DEV_MON_SMTP_STOP
正解: D
質問 40
To determine whether or not syslog is being received from a network device, which is the best command from the backend?
- A. netcat
- B. phSyslogRecorder
- C. phDeviceTest
- D. tcpdump
正解: D
質問 41
What are the four possible incident status values?
- A. Active, dosed, cleared, open
- B. Active, closed, manual, resolved
- C. Active, auto cleared, manual, false positive
- D. Active, cleared, cleared manually, system cleared
正解: B
質問 42
Which item is required to register a FortiSIEM appliance license?
- A. Static IP address
- B. Static storage
- C. Static MAC address
- D. Static Hardware ID
正解: D
質問 43
Refer to the exhibit.
Three events are collected over a 10-minutc time period from two servers Server A and Server B.
Based on the settings being used for the rule subpattern. how many incidents will the servers generate?
- A. Server A will generate one incident and Server B wifl generate one incident
- B. Server A will not generate any incidents and Server B will not generate any incidents
- C. Server A will generate one incident and Server B will not generate any incidents
- D. Server B will generate one incident and Server A will not generate any incidents
正解: B
質問 44
Refer to the exhibit.
How was the FortiGate device discovered by FortiSIEM?
- A. Using the pull events method
- B. Through GUI log discovery
- C. Through syslog discovery
- D. Through auto log discovery
正解: B
質問 45
......
2022年最新のGoShiken NSE5_FSM-5.2のPDFで最近更新された問題です:https://www.goshiken.com/Fortinet/NSE5_FSM-5.2-mondaishu.html