What are the four possible incident status values?
Correct Answer: A
Incident Status Values: Incident statuses in FortiSIEM help administrators track and manage the lifecycle of incidents from detection to resolution.
Four Possible Status Values:
* Active: Indicates that the incident is currently ongoing and needs attention.
* Closed: Indicates that the incident has been resolved or addressed.
* Cleared: Indicates that the incident has been resolved automatically based on predefined conditions.
* Open: Indicates that the incident is acknowledged and under investigation but not yet resolved.
Usage: These statuses help in prioritizing and tracking incidents effectively, ensuring that all incidents are appropriately managed.
References: FortiSIEM 6.3 User Guide, Incident Management section, which details the different status values and their meanings.
NSE5_FSM-6.3 Exam Question 37
Which two export methods are available for FortiSIEM analytics results? (Choose two.)
Correct Answer: B,D
NSE5_FSM-6.3 Exam Question 38
Refer to the exhibit. A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search. Based on the selected filters shown in the exhibit, why are there no search results?
Correct Answer: A
Case Sensitivity in Searches: In FortiSIEM, search queries, including those for raw event logs, are case sensitive. This means that keywords must be entered exactly as they appear in the logs. Keyword Mismatch: The exhibit shows the keyword "TCP" in the Value field. If the actual events use "tcp" (lowercase), the search will return no results because of the case mismatch. Correct Keyword: To match the keyword correctly, the administrator should enter "tcp" in the Value field. References: FortiSIEM 6.3 User Guide, Search and Filtering section, which discusses the importance of case sensitivity in search queries.
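The following is an added illustration, not FortiSIEM code and not part of the exam material: it runs a case-sensitive keyword search with a "last two hours" time filter over a handful of constructed FortiGate-style syslog lines, so you can see that searching for "TCP" returns nothing when the events carry "tcp". The event lines, the timestamps and the NOW reference are all made up for the example; the case_sensitive=False switch is there only to show what the administrator expected to happen, not how the product behaves.

```python
from datetime import datetime, timedelta, timezone

# Fixed reference "now" so the time window is reproducible (assumption for the example).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
TWO_HOURS = timedelta(hours=2)

# Constructed sample raw events (not real FortiGate output): (received_at, raw message).
# Three events fall inside the last two hours; the fourth is older and must be excluded
# by the time filter even though it also contains "tcp".
SAMPLE_EVENTS = [
    (NOW - timedelta(minutes=5),
     'devname="FGT-1" type="traffic" srcip=10.0.0.5 dstip=198.51.100.10 dstport=443 proto=6 service="tcp" action="accept"'),
    (NOW - timedelta(minutes=40),
     'devname="FGT-1" type="traffic" srcip=10.0.0.7 dstip=198.51.100.11 dstport=22 proto=6 service="tcp" action="deny"'),
    (NOW - timedelta(minutes=50),
     'devname="FGT-1" type="traffic" srcip=10.0.0.9 dstip=198.51.100.53 dstport=53 proto=17 service="udp" action="accept"'),
    (NOW - timedelta(hours=3),
     'devname="FGT-1" type="traffic" srcip=10.0.0.2 dstip=198.51.100.12 dstport=80 proto=6 service="tcp" action="accept"'),
]


def search_raw(events, keyword, window, now=NOW, case_sensitive=True):
    """Return raw messages received within `window` of `now` that contain `keyword`.

    case_sensitive=True mirrors the behaviour described in the answer: the keyword
    must appear in the log text with exactly the same letter case. Events outside
    the time window are skipped before the keyword is checked.
    """
    cutoff = now - window
    hits = []
    for received_at, raw in events:
        if received_at < cutoff or received_at > now:
            continue  # outside the "last two hours" time filter
        if case_sensitive:
            haystack, needle = raw, keyword
        else:
            haystack, needle = raw.lower(), keyword.lower()
        if needle in haystack:
            hits.append(raw)
    return hits


if __name__ == "__main__":
    # Reproduces the exam scenario: "TCP" as entered finds nothing, "tcp" finds two.
    print("TCP (as entered):", len(search_raw(SAMPLE_EVENTS, "TCP", TWO_HOURS)))
    print("tcp (exact case):", len(search_raw(SAMPLE_EVENTS, "tcp", TWO_HOURS)))
    for line in search_raw(SAMPLE_EVENTS, "tcp", TWO_HOURS):
        print("  ", line)
```

Run it as a script to see the zero-result search followed by the two matches; the three-hour-old event is dropped by the time filter regardless of keyword, which is the other filter an administrator should double-check before blaming the keyword.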
NSE5_FSM-6.3 Exam Question 39
Refer to the exhibit. What do the yellow stars listed in the Monitor column indicate?
Correct Answer: A
Monitor Column Indicators: In FortiSIEM, the Monitor column displays the status of various metrics applied during the discovery process. Yellow Star Meaning: A yellow star next to a metric indicates that the metric was successfully applied during discovery and data has been collected for that metric. Successful Data Collection: This visual indicator helps administrators quickly identify which metrics are active and have data available for analysis. References: FortiSIEM 6.3 User Guide, Device Monitoring section, which explains the significance of different icons and indicators in the Monitor column.
NSE5_FSM-6.3 Exam Question 40
In FortiSIEM enterprise licensing mode, if the link between the collector and the data center FortiSIEM cluster is down, what happens?
Correct Answer: D
Enterprise Licensing Mode: In FortiSIEM enterprise licensing mode, collectors are deployed in remote sites to gather and forward data to the central FortiSIEM cluster located in the data center. Collector Functionality: Collectors are responsible for receiving logs, events (e.g., syslog), and performance metrics from devices. Link Down Scenario: When the link between the collector and the FortiSIEM cluster is down, the collector needs a mechanism to ensure no data is lost during the disconnection. Event Buffering: The collector buffers the events locally until the connection is restored, ensuring that no incoming events are lost. This buffered data is then forwarded to the FortiSIEM cluster once the link is re-established. References: FortiSIEM 6.3 User Guide, Data Collection and Buffering section, explains the behavior of collectors during network disruptions.
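The following is an added illustration of the store-and-forward behaviour described above; it is not FortiSIEM's collector code. A hypothetical Upstream object stands in for the link to the data-center cluster, and a minimal Collector queues every event locally, tries to drain the queue in arrival order, and keeps whatever it could not deliver until the link is back. The buffer cap and the drop counter are assumptions of the example (any real collector has finite storage; the page gives no FortiSIEM figure), added so the failure mode of a long outage is visible rather than silent.

```python
from collections import deque


class Upstream:
    """Hypothetical stand-in for the collector's link to the FortiSIEM cluster."""

    def __init__(self):
        self.up = True
        self.received = []  # events that actually reached the cluster, in order

    def send(self, event):
        if not self.up:
            raise ConnectionError("link to cluster is down")
        self.received.append(event)


class Collector:
    """Minimal store-and-forward collector: buffer first, then drain in order."""

    def __init__(self, upstream, max_buffer=10_000):
        self.upstream = upstream
        self.buffer = deque()
        self.max_buffer = max_buffer  # example assumption, not a FortiSIEM limit
        self.dropped = 0              # oldest events discarded once the cap is hit

    def ingest(self, event):
        """Called for every incoming syslog/event; never loses data while buffer has room."""
        if len(self.buffer) >= self.max_buffer:
            self.buffer.popleft()  # cap reached: sacrifice the oldest buffered event
            self.dropped += 1
        self.buffer.append(event)
        self.flush()

    def flush(self):
        """Forward buffered events oldest-first; stop at the first failure and retry later."""
        while self.buffer:
            try:
                self.upstream.send(self.buffer[0])
            except ConnectionError:
                return  # link still down: leave the buffer intact
            self.buffer.popleft()  # only remove after confirmed delivery


def run_outage_scenario(events_before, events_during, events_after, max_buffer=10_000):
    """Drive a collector through link up -> down -> up; return (delivered, dropped, still_buffered)."""
    link = Upstream()
    collector = Collector(link, max_buffer=max_buffer)
    for e in events_before:
        collector.ingest(e)
    link.up = False
    for e in events_during:
        collector.ingest(e)          # all of these queue up locally
    link.up = True
    for e in events_after:
        collector.ingest(e)          # triggers a flush that drains the backlog first
    collector.flush()
    return link.received, collector.dropped, list(collector.buffer)


if __name__ == "__main__":
    delivered, dropped, pending = run_outage_scenario(["e1"], ["e2", "e3"], ["e4"])
    print("delivered:", delivered, "dropped:", dropped, "pending:", pending)
```

Two things to take from it: ordering is preserved because the backlog is drained before any event that arrives after the link returns, and the cap makes the real trade-off explicit, since a collector that is offline long enough to exhaust its local storage will lose events no matter what the vendor documentation promises for short outages.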