Fortinet Exam NSE5_FSM-6.3 Topic 9 Question 10 Discussion

Actual exam question for Fortinet's NSE5_FSM-6.3 exam
Question #: 10
Topic #: 9

An administrator wants to search for events received from Linux and Windows agents.

Which attribute should the administrator use in search filters to view events received from agents only?

Suggested Answer: D

Search Filters in FortiSIEM: When searching for specific events, administrators can use various attributes to filter the results.

Attribute for Agent Events: To view events received specifically from Linux and Windows agents, the attribute External Event Receive Agents should be used.

Function: This attribute filters events that are received from agents, distinguishing them from events received through other protocols or sources.

Search Efficiency: Using this attribute helps the administrator focus on events collected by FortiSIEM agents, making the search results more relevant and targeted.

Reference: FortiSIEM 6.3 User Guide, Event Search and Filters section, which describes the available attributes and their usage for filtering search results.


Contribute your Thoughts:

Glory
2 months ago
I think C) External Event Receive Raw Logs is incorrect, as we specifically want events received from agents.
upvoted 0 times
...
Tiffiny
2 months ago
I'm not sure, but I think C) External Event Receive Raw Logs could also be a possibility.
upvoted 0 times
...
Reita
2 months ago
Option D is definitely the right answer. 'External Event Receive Agents' is the only one that specifically mentions agents, which is what the question is asking about.
upvoted 0 times
Andra
1 month ago
Yes, D) External Event Receive Agents is the attribute that specifies events received from agents.
upvoted 0 times
...
Xochitl
2 months ago
I would go with D) External Event Receive Agents as well.
upvoted 0 times
...
Lavonda
2 months ago
I agree, D) External Event Receive Agents seems to be the correct attribute.
upvoted 0 times
...
Estrella
2 months ago
I think the answer is D) External Event Receive Agents.
upvoted 0 times
...
...
Eladia
2 months ago
Haha, I bet the exam question writer was having a bit of fun with these options. 'External Event Receive Raw Logs' sounds like something straight out of a bad sci-fi movie!
upvoted 0 times
Leonida
1 month ago
D) External Event Receive Agents
upvoted 0 times
...
Lelia
1 month ago
C) External Event Receive Raw Logs
upvoted 0 times
...
Yvette
2 months ago
B) Event Received Proto Agents
upvoted 0 times
...
Ciara
2 months ago
A) External Event Receive Protocol
upvoted 0 times
...
...
Buck
3 months ago
I agree with Jettie, because we want to view events received from agents only.
upvoted 0 times
...
Alex
3 months ago
I'm not sure about this one, but I think option B might be the way to go. 'Event Received Proto Agents' sounds like it could be relevant.
upvoted 0 times
Virgie
2 months ago
I agree, let's go with option B and see if it gives us the events received from agents.
upvoted 0 times
...
Elouise
2 months ago
I think option B sounds right. 'Event Received Proto Agents' seems like it could be what we need.
upvoted 0 times
...
...
Jettie
3 months ago
I think the answer is D) External Event Receive Agents.
upvoted 0 times
...
Marci
3 months ago
Option D seems to be the correct answer. The administrator needs to filter events received from agents, and 'External Event Receive Agents' sounds like the right attribute to use.
upvoted 0 times
Ranee
3 months ago
Yes, 'External Event Receive Agents' should filter events received from agents.
upvoted 0 times
...
Antione
3 months ago
I think option D is the right choice.
upvoted 0 times
...
...
