Fortinet NSE5_FAZ-7.2 Fortinet NSE 5 - FortiAnalyzer 7.2 Exam Practice Test

Notifications can be sent only when an incident is created or deleted.

You must configure an output profile to send notifications by email.

Each incident can send notifications to a single external platform.

Each connector used can have different notification settings.

Principal

Service provider

Identity collector

Identity provider

Log correlation

Host name resolution

Log collection

Real-time forwarding

ADOMs are enabled by default.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

All administrators can create ADOMs--not just the admin administrator.

Forwarded logs cannot be filtered to match specific criteria.

Logs are forwarded in real-time only.

The client retains a local copy of the logs after forwarding.

You can use aggregation mode only with another FortiAnalyzer.

A local wildcard administrator account

A remote LDAP server

A trusted host profile that restricts access to the LDAP group

An administrator group

Configure local DNS servers on FortiAnalyzer

Resolve IPs on FortiGate

Configure # set resolve-ip enable in the system FortiView settings

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more efficient than third-party information from the FortiAnalyzer API.

Fabric connectors allow to save storage costs and improve redundancy.

Storage connector service does not require a separate license to send logs to cloud platform.

Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3, Azure Blob , and Google Cloud.

Success

Failed

Running

Upstream_failed

A FortiGate ADOM

The FortiGate serial number

A pre-shared key

Valid FortiAnalyzer credentials

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

This feature allows you to build a chart under FortiView.

You can add charts to generated reports using this feature.

The performance of FortiAnalyzer is below the baseline.

FortiAnalyzer is using its cache to avoid dropping logs.

The log insert lag time is increasing.

The sqlplugind service is caught up with new logs.

Antivirus logs

Web filter logs

IPS logs

Application control logs

The disk quota for the FortiAnalyzer model

The disk quota for all devices in the ADOM

The disk quota for each device in the ADOM

The disk quota for the ADOM type

Shut down FortiAnalyzer and then replace the disk

Downgrade your RAID level, replace the disk, and then upgrade your RAID level

Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

Perform a hot swap

Notifications can be sent only when an incident is updated or deleted.

If you use multiple fabric connectors, all connectors must have the same notification settings

Notifications can be sent only by email.

You can send notifications to multiple external platforms

The fetch client can retrieve logs from devices that are not added to its local Device Manager

You can use filters to include only logs from a single device.

The fetching profile must include a user with the Super_User profile.

The archive logs retrieved from the server become archive logs in the client.

Log type Traffic logs.

Logs that roll over when the log file reaches a specific size.

Logs that are indexed and stored in the SQL.

Raw logs that are compressed and saved to a log file.

An account that permits access to members of an LDAP group

An account that allows guest access with read-only privileges

An account that requires two-factor authentication

An account that validates against any user account on a FortiAuthenticator

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

FortiAnalyzer flags the associated host for further analysis.

A new Infected entry is added for the corresponding endpoint.

The detection engine classifies those logs as Suspicious

Mail server

Output profile

SFTP server

Report scheduling

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

You do not need an additional license to send logs to the cloud platform.

Fabric connectors allow you to improve redundancy.

Using fabric connectors is more efficient than using third-party polling with API.

Fortinet is assigned the Standard_ User administrator profile.

A trusted host is configured.

ADOM mode is configured with Advanced mode.

Fortinet is assigned the Restricted_ User administrator profile.

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Configure# set resolve-ip enablein the system FortiView settings

Configure local DNS servers on FortiAnalyzer

Resolve IP addresses on FortiGate

They determine what data is retrieved from the database.

They provide the layout used for reports.

They are used to set the data included in templates.

They define the chart types to be used in reports.

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

Click FortiView and generate a report for that administrator.

Click Task Monitor and view the tasks performed by that administrator.

Click Log View and generate a report for that administrator.

View the tasks performed by the rogue administrator in Fabric View.

Remote logging must be enabled on FortiGate

Log encryption must be enabled

ADOMs must be enabled

FortiGate must be registered with FortiAnalyzer

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

Use the execute sql-report run ADOM1 command to run a report.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

All FortiGates can send logs to FortiAnalyzer using the store and upload option.

Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

Both secure communications methods (SSL and IPsec) allow the store and upload option.

Disk logging is enabled on the FortiGate through the CLI only.

Disk logging is enabled by default on the FortiGate.

License type

Disk size

Total quota

RAID level

New alerts are received by email.

Outbreak alerts are available on the root ADOM only.

An additional license is required.

It automatically downloads new event handlers and reports.

System information

Logs from registered devices

Report information

Database snapshot

Management extensions do not require additional licenses.

Management extensions allow FortiAnalyzer to act as a ForbSIEM supervisor.

Management extensions require a dedicated VM for best performance.

Management extensions may require a minimum number of CPU cores to run.

What devices and IP addresses are connecting to FortiAnalyzer

What logs, if any, are reaching FortiAnalyzer

What ADOMs are enabled and configured

What devices are registered and unregistered

SFTP, FTP, or SCP server

Mail server

Output profile

Report scheduling

It can be used for fast data processing and log correlation

It can be used to facilitate communication between devices in same Security Fabric

It can include all Fortinet devices that are part of the same Security Fabric

It can include only FortiGate devices that are part of the same Security Fabric

CPU resources are too high

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

The total disk space is insufficient and you need to add other disk

The ADOM disk quota is set too low, based on log rates

Generated reports

Device list

Authorized devices logs

System information

They limit which logs are checked for matches by the other filters.

They can filter the logs before they are processed by FortiAnalyzer

They download new filters to be used in event handlers.

They are common filters applied simultaneously to all event handlers.

The FortiAnalyzer stops logging once the disk log quota is met.

The FortiAnalyzer automatically sets the disk log quota based on the device.

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.