Free NSE5_FSM-6.3 Exam Braindumps (page: 5)

FortiSIEM is deployed in disaster recovery mode.
When disaster strikes, which two tasks must you perform manually to achieve a successful disaster recovery operation? (Choose two.)

  A. Promote the secondary workers to the primary roles using the phSecworker2priworker command.
  B. Promote the secondary supervisor to the primary role using the phSecondary2primary command.
  C. Change the DNS configuration to ensure that users, devices, and collectors log in to the secondary FortiSIEM.
  D. Change the configuration for shared storage NFS configured for EventDB to the secondary FortiSIEM.

Answer(s): B,C

Explanation:

Disaster Recovery Mode: FortiSIEM's disaster recovery (DR) mode ensures that there is a backup system ready to take over in case the primary system fails.
Manual Tasks for DR Operation: In the event of a disaster, certain tasks must be performed manually to ensure a smooth transition to the secondary system.
Promoting the Secondary Supervisor: Use the command phSecondary2primary to promote the secondary supervisor to the primary role. This command reconfigures the secondary supervisor to take over as the primary supervisor, ensuring continuity in management and coordination.
Changing DNS Configuration: Update the DNS configuration to direct all users, devices, and collectors to the secondary FortiSIEM instance. This ensures that all components in the environment can communicate with the newly promoted primary supervisor without manual reconfiguration of individual devices.

Reference:

FortiSIEM 6.3 Administration Guide, Disaster Recovery section, provides detailed steps on promoting the secondary supervisor and updating DNS configurations during a disaster recovery operation.



If the reported packet loss is between 50% and 98%, which status is assigned to the device in the Availability column of the summary dashboard?

  A. Up status is assigned because of received packets.
  B. Critical status is assigned because of reduction in number of packets received.
  C. Degraded status is assigned because of packet loss.
  D. Down status is assigned because of packet loss.

Answer(s): C

Explanation:

Device Status in FortiSIEM: FortiSIEM assigns different statuses to devices based on their operational state and performance metrics.
Packet Loss Impact: The reported packet loss percentage directly influences the status assigned to a device. Packet loss between 50% and 98% indicates significant network issues that affect the device's performance.
Degraded Status: When packet loss is between 50% and 98%, FortiSIEM assigns a "Degraded" status to the device. This status indicates that the device is experiencing substantial packet loss, which impairs its performance but does not render it completely non-functional.
Reasoning: The "Degraded" status helps administrators identify devices with serious performance issues that need attention but are not entirely down.

Reference:

FortiSIEM 6.3 User Guide, Device Availability and Status section, explains the criteria for assigning different statuses based on performance metrics such as packet loss.



An administrator is configuring FortiSIEM to discover network devices and receive syslog from network devices.
Which statement is correct?

  A. FortiSIEM uses privileged credentials to log in to devices and make network configuration changes.
  B. FortiSIEM automatically configures network devices to send syslog using the auto log discovery process.
  C. FortiSIEM automatically configures network devices to send syslog using the GUI discovery process.
  D. Syslog configuration must be done manually on devices by the network administrator.

Answer(s): D

Explanation:

Syslog Configuration in FortiSIEM: For FortiSIEM to receive syslog messages from network devices, those devices need to be properly configured to send syslog data to FortiSIEM.
Manual Configuration Requirement: FortiSIEM does not automatically configure network devices to send syslog messages. Instead, this configuration must be performed manually by the network administrator.
Process Overview: The network administrator must access each device and set up the syslog parameters to direct log data to the FortiSIEM collector's IP address.
Discovery Process: While FortiSIEM can discover network devices using SNMP, WMI, and other protocols, the configuration of syslog on these devices is beyond its scope and requires manual intervention.


Reference:

FortiSIEM 6.3 User Guide, Device Configuration and Syslog Integration sections, which explain the requirements and steps for setting up syslog forwarding on network devices.



Refer to the exhibit.



If events are grouped by Event Type and User attributes in FortiSIEM, how many results will be displayed?

  A. Four results will be displayed.
  B. Eight results will be displayed.
  C. Two results will be displayed.
  D. No results will be displayed.

Answer(s): A

Explanation:

Grouping Events in FortiSIEM: Grouping events by specific attributes allows administrators to aggregate and analyze data more efficiently.
Grouping Criteria: In this case, the events are grouped by "Event Type" and "User" attributes.
Unique Combinations: To determine the number of results displayed, identify the unique combinations of the "Event Type" and "User" attributes in the provided data:
Failed Logon by Ryan (appears multiple times but is one unique combination)
Failed Logon by John
Failed Logon by Paul
Failed Logon by Wendy
Unique Groupings: There are four unique groupings based on the given data: "Failed Logon" by "Ryan", "John", "Paul", and "Wendy".


Reference:

FortiSIEM 6.3 User Guide, Event Management and Reporting sections, which explain how events are grouped and reported based on selected attributes.





