Download NSE 5 - FortiSIEM 5.2.NSE5_FSM-5.2.ExamTopics.2026-04-26.31q.tqb

Vendor: Fortinet
Exam Code: NSE5_FSM-5.2
Exam Name: NSE 5 - FortiSIEM 5.2
Date: Apr 26, 2026
File Size: 648 KB
Download Exam

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Download
Taurus Exam Studio

Purchase
Coupon: TAURUSSIM_20OFF

Discount: 20%

Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator

Demo Questions

Question 1
What are the minimum memory requirements for the FortiSIEM supervisor virtual appliance, when the proprietary flat file database is used?
  1. 16GB RAM
  2. 32GB RAM
  3. 64GB RAM
  4. 24GB RAM
Correct answer: B
Question 2
Refer to the exhibit.
A FortiSIEM administrator wants to group some attributes for a report, but is not able to do so successfully.
As shown in the exhibit, why are some of the fields highlighted in red?
  1. The Event Receive Time attribute is not available for logs.
  2. The attribute COUNT (Matched event) is an invalid expression.
  3. Unique attributes cannot be grouped.
  4. No RAW Event Log attribute is available for devices.
Correct answer: C
Question 3
What is a prerequisite for FortiSIEM Linux agent installation?
  1. The web server must be installed on the Linux server being monitored
  2. The audit service must be installed on the Linux server being monitored
  3. The Linux agent manager server must be installed.
  4. Both the web server and the audit service must be installed on the Linux server being monitored
Correct answer: D
Question 4
In the advanced analytical rules engine in FortiSIEM, multiple subpatterns can be referenced using which three operations? (Choose three.)
  1. ELSE
  2. NOT
  3. FOLLOWED_BY
  4. OR
  5. AND
Correct answer: A, B, E
Question 5
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices.
Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?
  1. CMBD Reports Conditions
  2. Data Conditions
  3. UI Access
Correct answer: B
Question 6
What are the four categories of incidents?
  1. Devices, users, high risk, and low risk
  2. Performance, availability, security, and change
  3. Performance, devices, high risk, and low risk
  4. Security, change, high risk, and low risk
Correct answer: B
Question 7
What protocol can be used to collect Windows event logs in an agentless method?
  1. SSH
  2. SNMP
  3. WMI
  4. SMTP
Correct answer: C
Question 8
Which discovery scan type is prone to miss a device, if the device is quiet and the entry foe that device is not present in the ARP table of adjacent devices?
  1. CMDB scan
  2. L2 scan
  3. Range scan
  4. Smart scan
Correct answer: D
Question 9
If a performance rule is triggered repeatedly due to high CPU use, what occurs m the incident table?
  1. A new incident is created each time the rule is triggered and the First Seen and Last Seen times are updated.
  2. The incident status changes to Repeated and the First Seen and Last Seen times are updated.
  3. A new incident is created based on the Rule Frequency value and the First Seen and Last Seen times are updated.
  4. The Incident Count value increases and the First Seen and Last Seen times are updated.
Correct answer: A
Question 10
Device discovery information is stored in which database?
  1. CMDB
  2. Profile DB
  3. Event DB
  4. SVN DB
Correct answer: A
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!