Fortinet NSE 6 - FortiSIEM 7.4 Analyst (NSE6_FSM_AN-7.4) Free Practice Test

Question 1

Refer to the exhibit.

An analyst wants the rule shown in the exhibit to trigger when three failed login attempts occur within three minutes.
What should the values be for the condition time window and aggregate count?

A. Time window 180 seconds, aggregate count 3

B. Time window 90 seconds, aggregate count 2

C. Time window 180 seconds, aggregate count 2

D. Time window 90 seconds, aggregate count 3

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

Refer to the exhibit.

FortiSIEM is receiving syslog events from a firewall.
You are trying to search raw event logs for traffic from the last two hours that contain the keyword
"UDP". However, you are getting no results from the search.
Based on the filter shown in the exhibit, why are you getting no search results?

A. The = operator in the Operator column is the wrong operator for this type of search.

B. You can perform raw event log searches using only an Event Keyword search.

C. The AND operator in the Next column is the wrong operator for this type of search.

D. You are using udp in the Value field, but you must use UDP.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Refer to the exhibit. What is the Group: VPN Gateway value referring to?

A. A FortiGate address group

B. A watchlist

C. An authentication user group

D. A CMDB device group

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Refer to the exhibit. If you group these events by the Reporting IP, Event Type, and User attributes, how many results will FortiSIEM display?

A. Two

B. Three

C. Five

D. Six

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

What are two required components in a rule? (Choose two.)

A. Tag

B. Detection technology

C. Clear policy

D. Subpattern

Correct Answer: C,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Refer to the exhibit. When the subpattern is matched, what does the time condition of 60 seconds mean?

A. The rule engine will evaluate events every 60 seconds looking for the subpattern.

B. The subpattern must be matched at least twice within 60 seconds to trigger this rule.

C. The rule will trigger remediation actions every 60 seconds when the subpattern is triggered.

D. It is the time period over which the rule will aggregate and evaluate events.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

Which two types of information can FortiSIEM retrieve from FortiClient EMS through an external connection? (Choose two.)

A. Devices with FortiSIEM agents

B. Zero trust network access (ZTNA) tags

C. Vulnerability scan events

D. Device login credentials

Correct Answer: B,C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Fortinet NSE 6 - FortiSIEM 7.4 Analyst (NSE6_FSM_AN-7.4) Free Practice Test