Question 6 of 31

What protocol can be used to collect Windows event logs in an agentless method?

    Correct Answer: C

    WMI (Windows Management Instrumentation) is a protocol that can be used to collect Windows event logs in an agentless method. WMI allows for management and monitoring of Windows-based systems, providing a standardized interface for accessing system information including event logs. Other options like SSH, SNMP, and SMTP are not designed for this purpose.

Question 7 of 31

Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?

    Correct Answer: B

    When events are grouped by Event Receive Time, Reporting IP, and User attributes, the number of unique combinations of these three attributes determines the number of results. From the given exhibit, the unique combinations are: (09:12:11, 10.10.10.10, Ryan), (09:12:56, 10.10.10.11, John), (09:15:56, 10.10.10.10, Ryan), (09:20:01, 10.10.10.10, Paul), (10:10:43, 10.10.10.11, Ryan), (10:45:08, 10.10.10.11, Wendy), (11:23:33, 10.10.10.10, Ryan), and (12:05:52, 10.10.10.10, Ryan). There are eight events listed, but there are four unique groups: (10.10.10.10, Ryan), (10.10.10.11, John), (10.10.10.10, Paul), and (10.10.10.11, Wendy). Therefore, four results will be displayed.

Question 8 of 31

Which protocol is almost always required for the FortiSIEM GUI discovery process?

    Correct Answer: A

    SNMP, or Simple Network Management Protocol, is almost always required for the FortiSIEM GUI discovery process. This protocol is widely used for network management and monitoring devices on IP networks. It enables FortiSIEM to discover and collect data from various network devices, which is essential for building an accurate and comprehensive inventory.

Question 9 of 31

To determine SNMP discovery issues, which is the best command from the backend?

    Correct Answer: A

    The most suitable command for determining SNMP discovery issues from the backend is 'snmpwalk'. This command is widely used to query a network device for a list of SNMP data points, helping diagnose and troubleshoot SNMP configurations. 'snmpwalk' retrieves a subtree of management values using SNMP GETNEXT requests, which is essential for identifying SNMP discovery issues. Other options like 'phSNMPTest', 'snmptest', and 'ssh' are either less common or not specifically designed for this purpose.

Question 10 of 31

An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

    Correct Answer: A

    If the SMTP process on a Linux server is defined as critical and is stopped, FortiSIEM would generate a critical event with the event type PH_DEV_MON_PROC_STOP. This event type is used to indicate the stopping of any critical process.