New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Fortinet NSE5_FAZ-7.2 Fortinet NSE 5 - FortiAnalyzer 7.2 Exam Practice Test

Page: 1 / 14
Total 137 questions

Fortinet NSE 5 - FortiAnalyzer 7.2 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Which statement about sending notifications with incident updates is true?

Options:

A.

Notifications can be sent only when an incident is created or deleted.

B.

You must configure an output profile to send notifications by email.

C.

Each incident can send notifications to a single external platform.

D.

Each connector used can have different notification settings.

Question 2

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

Options:

A.

Principal

B.

Service provider

C.

Identity collector

D.

Identity provider

Question 3

What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?

Options:

A.

Log correlation

B.

Host name resolution

C.

Log collection

D.

Real-time forwarding

Question 4

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

Options:

A.

ADOMs are enabled by default.

B.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

C.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

D.

All administrators can create ADOMs--not just the admin administrator.

Question 5

Which two statements about log forwarding are true? (Choose two.)

Options:

A.

Forwarded logs cannot be filtered to match specific criteria.

B.

Logs are forwarded in real-time only.

C.

The client retains a local copy of the logs after forwarding.

D.

You can use aggregation mode only with another FortiAnalyzer.

Question 6

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

Options:

A.

A local wildcard administrator account

B.

A remote LDAP server

C.

A trusted host profile that restricts access to the LDAP group

D.

An administrator group

Question 7

In FortiAnalyzer’s FormView, source and destination IP addresses from FortiGate devices are not resolving to

a hostname. How can you resolve the source and destination IPs, without introducing any additional

performance impact to FortiAnalyzer?

Options:

A.

Configure local DNS servers on FortiAnalyzer

B.

Resolve IPs on FortiGate

C.

Configure # set resolve-ip enable in the system FortiView settings

D.

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Question 8

Which two statements are true regarding fabric connectors? (Choose two.)

Options:

A.

Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more efficient than third-party information from the FortiAnalyzer API.

B.

Fabric connectors allow to save storage costs and improve redundancy.

C.

Storage connector service does not require a separate license to send logs to cloud platform.

D.

Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3, Azure Blob , and Google Cloud.

Question 9

A play book contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed. What will be the status of the playbook after its execution?

Options:

A.

Success

B.

Failed

C.

Running

D.

Upstream_failed

Question 10

What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?

Options:

A.

A FortiGate ADOM

B.

The FortiGate serial number

C.

A pre-shared key

D.

Valid FortiAnalyzer credentials

Question 11

Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

C.

This feature allows you to build a chart under FortiView.

D.

You can add charts to generated reports using this feature.

Question 12

Refer to the exhibit.

What does the data point at 12:20 indicate?

Options:

A.

The performance of FortiAnalyzer is below the baseline.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The log insert lag time is increasing.

D.

The sqlplugind service is caught up with new logs.

Question 13

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

Options:

A.

Antivirus logs

B.

Web filter logs

C.

IPS logs

D.

Application control logs

Question 14

View the exhibit:

What does the 1000MB maximum for disk utilization refer to?

Options:

A.

The disk quota for the FortiAnalyzer model

B.

The disk quota for all devices in the ADOM

C.

The disk quota for each device in the ADOM

D.

The disk quota for the ADOM type

Question 15

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on

FortiAnalyzer has failed.

What is the recommended method to replace the disk?

Options:

A.

Shut down FortiAnalyzer and then replace the disk

B.

Downgrade your RAID level, replace the disk, and then upgrade your RAID level

C.

Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

D.

Perform a hot swap

Question 16

Which statement is true about sending notifications with incident updates?

Options:

A.

Notifications can be sent only when an incident is updated or deleted.

B.

If you use multiple fabric connectors, all connectors must have the same notification settings

C.

Notifications can be sent only by email.

D.

You can send notifications to multiple external platforms

Question 17

What must you consider when using log fetching? (Choose two.)

Options:

A.

The fetch client can retrieve logs from devices that are not added to its local Device Manager

B.

You can use filters to include only logs from a single device.

C.

The fetching profile must include a user with the Super_User profile.

D.

The archive logs retrieved from the server become archive logs in the client.

Question 18

What are analytics logs on FortiAnalyzer?

Options:

A.

Log type Traffic logs.

B.

Logs that roll over when the log file reaches a specific size.

C.

Logs that are indexed and stored in the SQL.

D.

Raw logs that are compressed and saved to a log file.

Question 19

On FortiAnalyzer, what is a wildcard administrator account?

Options:

A.

An account that permits access to members of an LDAP group

B.

An account that allows guest access with read-only privileges

C.

An account that requires two-factor authentication

D.

An account that validates against any user account on a FortiAuthenticator

Question 20

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

Options:

A.

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

B.

FortiAnalyzer flags the associated host for further analysis.

C.

A new Infected entry is added for the corresponding endpoint.

D.

The detection engine classifies those logs as Suspicious

Question 21

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally?

(Choose two.)

Options:

A.

Mail server

B.

Output profile

C.

SFTP server

D.

Report scheduling

Question 22

What are two benefits of using fabric connectors? (Choose two.)

Options:

A.

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

B.

You do not need an additional license to send logs to the cloud platform.

C.

Fabric connectors allow you to improve redundancy.

D.

Using fabric connectors is more efficient than using third-party polling with API.

Question 23

An administrator fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mall server that can be used to send email.

What could be the problem?

Options:

A.

Fortinet is assigned the Standard_ User administrator profile.

B.

A trusted host is configured.

C.

ADOM mode is configured with Advanced mode.

D.

Fortinet is assigned the Restricted_ User administrator profile.

Question 24

In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices arenotresolving to a hostname.

How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?

Options:

A.

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

B.

Configure# set resolve-ip enablein the system FortiView settings

C.

Configure local DNS servers on FortiAnalyzer

D.

Resolve IP addresses on FortiGate

Question 25

Which statement describes a dataset in FortiAnalyzer?

Options:

A.

They determine what data is retrieved from the database.

B.

They provide the layout used for reports.

C.

They are used to set the data included in templates.

D.

They define the chart types to be used in reports.

Question 26

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

Options:

A.

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

B.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

C.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

D.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

Question 27

A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer.

What can you do on FortiAnalyzer to accomplish this?

Options:

A.

Click FortiView and generate a report for that administrator.

B.

Click Task Monitor and view the tasks performed by that administrator.

C.

Click Log View and generate a report for that administrator.

D.

View the tasks performed by the rogue administrator in Fabric View.

Question 28

In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)

Options:

A.

Remote logging must be enabled on FortiGate

B.

Log encryption must be enabled

C.

ADOMs must be enabled

D.

FortiGate must be registered with FortiAnalyzer

Question 29

An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.

What should the administrator do to solve this issue?

Options:

A.

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

B.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

C.

Use the execute sql-report run ADOM1 command to run a report.

D.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

Question 30

What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

Options:

A.

All FortiGates can send logs to FortiAnalyzer using the store and upload option.

B.

Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

C.

Both secure communications methods (SSL and IPsec) allow the store and upload option.

D.

Disk logging is enabled on the FortiGate through the CLI only.

E.

Disk logging is enabled by default on the FortiGate.

Question 31

Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose

two.)

Options:

A.

License type

B.

Disk size

C.

Total quota

D.

RAID level

Question 32

Which two statements are true regarding the outbreak detection service? (Choose two.)

Options:

A.

New alerts are received by email.

B.

Outbreak alerts are available on the root ADOM only.

C.

An additional license is required.

D.

It automatically downloads new event handlers and reports.

Question 33

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)

Options:

A.

System information

B.

Logs from registered devices

C.

Report information

D.

Database snapshot

Question 34

Which statement correctly describes the management extensions available on FortiAnalyzer?

Options:

A.

Management extensions do not require additional licenses.

B.

Management extensions allow FortiAnalyzer to act as a ForbSIEM supervisor.

C.

Management extensions require a dedicated VM for best performance.

D.

Management extensions may require a minimum number of CPU cores to run.

Question 35

What can the CLI command # diagnose test application oftpd 3 help you to determine?

Options:

A.

What devices and IP addresses are connecting to FortiAnalyzer

B.

What logs, if any, are reaching FortiAnalyzer

C.

What ADOMs are enabled and configured

D.

What devices are registered and unregistered

Question 36

What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server?

(Choose two.)

Options:

A.

SFTP, FTP, or SCP server

B.

Mail server

C.

Output profile

D.

Report scheduling

Question 37

What are two advantages of setting up fabric ADOM? (Choose two.)

Options:

A.

It can be used for fast data processing and log correlation

B.

It can be used to facilitate communication between devices in same Security Fabric

C.

It can include all Fortinet devices that are part of the same Security Fabric

D.

It can include only FortiGate devices that are part of the same Security Fabric

Question 38

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data

policy.

What is the most likely problem?

Options:

A.

CPU resources are too high

B.

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

C.

The total disk space is insufficient and you need to add other disk

D.

The ADOM disk quota is set too low, based on log rates

Question 39

When you perform a system backup, what does the backup configuration contain? (Choose two.)

Options:

A.

Generated reports

B.

Device list

C.

Authorized devices logs

D.

System information

Question 40

What is the purpose of using prefilters when configuring event handlers?

Options:

A.

They limit which logs are checked for matches by the other filters.

B.

They can filter the logs before they are processed by FortiAnalyzer

C.

They download new filters to be used in event handlers.

D.

They are common filters applied simultaneously to all event handlers.

Question 41

What statements are true regarding disk log quota? (Choose two)

Options:

A.

The FortiAnalyzer stops logging once the disk log quota is met.

B.

The FortiAnalyzer automatically sets the disk log quota based on the device.

C.

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

D.

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Page: 1 / 14
Total 137 questions