
Fortinet Exam NSE5_FSM-6.3 Topic 2 Question 19 Discussion

Actual exam question for Fortinet's NSE5_FSM-6.3 exam
Question #: 19
Topic #: 2

Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall. The FortiSIEM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp. However, the administrator is getting no results from the search.

Based on the selected filters shown in the exhibit, why are there no search results?

Suggested Answer: D

Search Filters in FortiSIEM: When searching for specific events, administrators can use various attributes to filter the results.

Attribute for Agent Events: To view events received specifically from Linux and Windows agents, the attribute External Event Receive Agents should be used.

Function: This attribute filters events that are received from agents, distinguishing them from events received through other protocols or sources.

Search Efficiency: Using this attribute helps the administrator focus on events collected by FortiSIEM agents, making the search results more relevant and targeted.

Reference: FortiSIEM 6.3 User Guide, Event Search and Filters section, which describes the available attributes and their usage for filtering search results.


Contribute your Thoughts:

Jina
2 months ago
The administrator must have been channeling their inner Sherlock Holmes, trying to solve the case of the missing search results. Maybe they should have tried the elementary technique of checking their work.
upvoted 0 times
Dominic
1 month ago
In the Time section, they should select 24 hours instead of 2 hours.
upvoted 0 times
Vallie
1 month ago
The keyword is case sensitive. They should type tcp instead of TCP.
upvoted 0 times
Nathalie
2 months ago
Selecting 'AND' in the Next drop-down list? That's like trying to bake a cake with a wrench. Talk about using the wrong tool for the job!
upvoted 0 times
Chauncey
14 days ago
User3: The administrator should have chosen a different boolean operator.
upvoted 0 times
Thurman
24 days ago
User2: Agreed, it's like using a wrench to bake a cake.
upvoted 0 times
Aja
1 month ago
User1: Yeah, selecting 'AND' was definitely not the right move.
upvoted 0 times
Chandra
2 months ago
The wrong operator in the Operator column? That's like trying to catch a fish with a hammer. I hope the administrator didn't drop the ball on this one.
upvoted 0 times
Leonora
2 months ago
Ah, the classic time period blunder. The administrator should have selected 'Last 24 hours' instead of 'Relative Last 2 hours'. Time flies when you're not watching the clock!
upvoted 0 times
Ruth
2 months ago
Hmm, that makes sense. Maybe we should double check the filters and make the necessary adjustments.
upvoted 0 times
Kattie
2 months ago
I disagree, I believe the issue is with the time period selected. It should be 24 hours instead of 2.
upvoted 0 times
Ruth
2 months ago
I think the reason there are no search results is because the keyword is case sensitive.
upvoted 0 times
Audrie
2 months ago
The keyword is case-sensitive, so the administrator should type 'tcp' instead of 'TCP'. Rookie mistake!
upvoted 0 times
Pedro
1 month ago
User4: And they also selected the wrong boolean operator. It should be OR instead of AND.
upvoted 0 times
Renay
2 months ago
User3: In the Time section, they selected the wrong time period. It should be 24 hours.
upvoted 0 times
Shawnda
2 months ago
User2: Yeah, that's a common mistake. It needs to be lowercase.
upvoted 0 times
Myra
2 months ago
User1: The keyword is case sensitive. They should type 'tcp' instead of 'TCP'.
upvoted 0 times
