Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE5_FSM-6.3

Free NSE5_FSM-6.3 Exam Braindumps (page: 6)

Page 5 of 17
PDF with 63 Questions

Refer to the exhibit.



If events are grouped by User. Source IP. and Application Category attributes in FortiSiEM. how many results will be displayed?

  1. Three results will be displayed.
  2. Five results will be displayed.
  3. No results will be displayed.
  4. Seven results will be displayed.

Answer(s): B

Explanation:

Grouping Events in FortiSIEM: Grouping events by specific attributes allows for the aggregation of similar events, providing clearer insights and reducing clutter. Grouping Criteria: For this question, events are grouped by "User," "Source IP," and "Application Category."
Unique Combinations Analysis:
Ryan, 1.1.1.1, Web App (appears multiple times but is one unique combination) John, 5.5.5.5, DB
Paul, 3.3.2.1, Web App
Ryan, 1.1.1.15, DB
Wendy, 1.1.1.6, DB
Result Calculation: There are five unique combinations in the provided data based on the specified grouping attributes.


Reference:

FortiSIEM 6.3 User Guide, Event Management and Reporting sections, which explain how to group events by various attributes for analysis and reporting purposes.



If a performance rule is triggered repeatedly due to high CPU use, what occurs in the incident table?

  1. A now incident is created each time the rule is triggered. and the First Seen and Last Seen times are updated.
  2. A new incident is created based on the Rule Frequency value, and the First Seen and Last Seen times ate updated.
  3. The Incident Count value increases, and the First Seen and Last Seen times update.
  4. The incident status changes to Repeated, and the First Seen and Last Seen times are updated.

Answer(s): C

Explanation:

Incident Management in FortiSIEM: FortiSIEM tracks incidents and their occurrences to help administrators manage and respond to recurring issues. Performance Rule Triggering: When a performance rule, such as one for high CPU usage, is repeatedly triggered, FortiSIEM updates the corresponding incident rather than creating a new one each time.
Incident Table Updates:
Incident Count: The Incident Count value increases each time the rule is triggered, indicating how many times the incident has occurred.
First Seen and Last Seen Times: These timestamps are updated to reflect the first occurrence and the most recent occurrence of the incident.


Reference:

FortiSIEM 6.3 User Guide, Incident Management section, explains how FortiSIEM handles recurring incidents and updates the incident table accordingly.



Which process converts raw log data to structured data?

  1. Data classification
  2. Data validation
  3. Data parsing
  4. Data enrichment

Answer(s): C

Explanation:

Raw Log Data: When devices send logs to FortiSIEM, the data arrives in a raw, unstructured format. Data Parsing Process: The process that converts this raw log data into a structured format is known as data parsing.
Data Parsing: This involves extracting relevant fields from the raw log entries and organizing them into a structured format, making the data usable for analysis, reporting, and correlation. Significance of Structured Data: Structured data is essential for effective event correlation, alerting, and generating meaningful reports.


Reference:

FortiSIEM 6.3 User Guide, Data Parsing section, which details how raw log data is transformed into structured data through parsing.



Refer to the exhibits.





Three events are collected over a 10-minute time period from two servers: Server A and Server B. Based on the settings tor the rule subpattern. how many incidents will the servers generate?

  1. Server A will generate one incident and Server B will generate one incident.
  2. Server A will generate one incident and Server B will not generate any incidents.
  3. Server B will generate one incident and Server A will not generate any incidents.
  4. Server A will not generate any incidents and Server B will not generate any incidents.

Answer(s): D

Explanation:

Event Collection Overview: The exhibits show three events collected over a 10-minute period from two servers, Server A and Server B.
Rule Subpattern Settings: The rule subpattern specifies two conditions:
AVG(CPU Util) > DeviceToCMDBAttr(Host IP : Server CPU Util Critical Threshold): This checks if the average CPU utilization exceeds the critical threshold defined for each server. COUNT(Matched Events) >= 2: This requires at least two matching events within the specified period.
Server A Analysis:
Events: Three events (CPU=90, CPU=90, CPU=95).
Average CPU Utilization: (90+90+95)/3 = 91.67, which exceeds the critical threshold of 90. Matched Events Count: 3, which meets the condition of being greater than or equal to 2. Incident Generation: Server A meets both conditions, so it generates one incident.
Server B Analysis:
Events: Three events (CPU=70, CPU=50, CPU=60).
Average CPU Utilization: (70+50+60)/3 = 60, which does not exceed the critical threshold of 90. Matched Events Count: 3, but since the average CPU utilization condition is not met, no incident is generated.
Conclusion: Based on the rule subpattern, Server A will generate one incident, and Server B will not generate any incidents.


Reference:

FortiSIEM 6.3 User Guide, Event Correlation Rules and Incident Management sections, which explain how incidents are generated based on rule subpatterns and event conditions.






Post your Comments and Discuss Fortinet NSE5_FSM-6.3 exam with other Community members: