NSE 5 - FortiSIEM 5.2

Here you have the best Fortinet NSE5_FSM-5.2 practice exam questions

  • You have 38 total questions across 8 pages (5 per page)
  • These questions were last updated on March 17, 2026
  • This site is not affiliated with or endorsed by Fortinet.
Question 1 of 38

Refer to the exhibit.
[Exhibit: Exam NSE5_FSM-5.2, Question 1, Image 1]
A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?
Suggested Answer

The suggested answer is B.

The fields highlighted in red indicate that there is an issue with those specific attributes. In this context, the attribute 'COUNT (Matched Events)' is an invalid expression, which is why it is highlighted. COUNT can be used in expressions or operations, but it must be correctly formatted and applicable within the report configuration. Other options do not explain the red highlighting correctly.

Community Votes: 2 votes
C (Most voted): 100%
Question 2 of 38

In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?
Suggested Answer

The suggested answer is B.

In the rules engine, the condition that instructs FortiSIEM to summarize and count the matching evaluated data is 'Aggregation'. Aggregation combines multiple data records into a single summary record, which involves counting and summarizing the data based on specific criteria.

Community Votes: 2 votes
B (Suggested): 100%
Question 3 of 38

Refer to the exhibit.
[Exhibit: Exam NSE5_FSM-5.2, Question 3, Image 1]
How was the FortiGate device discovered by FortiSIEM?
Suggested Answer

The suggested answer is D.

The FortiGate device was discovered by FortiSIEM through auto log discovery. This conclusion is drawn from the 'Method: LOG' indication in the exhibit. The absence of a version number implies that the discovery method did not use SNMP credentials, which aligns with auto log discovery rather than GUI log discovery or other methods.

Community Votes: 3 votes
D (Suggested): 100%
Question 4 of 38

Refer to the exhibit.
[Exhibit: Exam NSE5_FSM-5.2, Question 4, Image 1]
If events are grouped by Reporting IP, Event Type, and user attributes in FortiSIEM, how many results will be displayed?
Suggested Answer

The suggested answer is D.

When grouped by Reporting IP, Event Type, and user attributes, the results indicated in the exhibit would be combined based on these values. Here are the distinct groups: (10.10.10.10, Failed Logon, Ryan), (10.10.10.11, Failed Logon, John), (10.10.10.10, Failed Logon, Paul), (10.10.10.11, Failed Logon, Wendy), and (10.10.10.10, Failed Logon, Ryan with a different Source IP). These combine to five distinct results.

Community Votes: 2 votes
D (Suggested): 100%
Question 5 of 38

Which two FortiSIEM components work together to provide real-time event correlation?
Answer

Suggested Answer

The suggested answer is B.

The Supervisor and Worker components work together to provide real-time event correlation in FortiSIEM. The Supervisor is responsible for the overall management, correlation, and analysis of data, while the Worker nodes perform distributed data processing and initial correlation tasks. This distributed architecture allows large volumes of events to be handled efficiently in real time.

Community Votes: 2 votes
B (Suggested): 100%
