New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Fortinet NSE5_FAZ-7.2 Fortinet NSE 5 - FortiAnalyzer 7.2 Exam Practice Test

Demo: 41 questions
Total 137 questions

Fortinet NSE 5 - FortiAnalyzer 7.2 Questions and Answers

Question 1

Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)

Options:

A.

Virtual domains

B.

Administrative access profiles

C.

Trusted hosts

D.

Security Fabric

Question 2

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

Options:

A.

Both modes, forwarding and aggregation, support encryption of logs between devices.

B.

In aggregation mode, you can forward logs to syslog and CEF servers as well.

C.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

D.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Question 3

After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the

purpose of running the following CLI command?

execute sql-local rebuild-adom

Options:

A.

To reset the disk quota enforcement to default

B.

To remove the analytics logs of the device from the old database

C.

To migrate the archive logs to the new ADOM

D.

To populate the new ADOM with analytical logs for the moved device, so you can run reports

Question 4

In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)

Options:

A.

Remote logging must be enabled on FortiGate

B.

Log encryption must be enabled

C.

ADOMs must be enabled

D.

FortiGate must be registered with FortiAnalyzer

Question 5

When working with FortiAnalyzer reports, what is the purpose of a dataset?

Options:

A.

To provide the layout used for reports

B.

To define the chart type to be used

C.

To retrieve data from the database

D.

To set the data included in templates

Question 6

Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in your data policy. What is the most likely problem?

Options:

A.

The total disk space is insufficient and you need to add other disk.

B.

CPU resources are too high.

C.

The ADOM disk quota is set too low based on log rates.

D.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Question 7

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on

FortiAnalyzer has failed.

What is the recommended method to replace the disk?

Options:

A.

Shut down FortiAnalyzer and then replace the disk

B.

Downgrade your RAID level, replace the disk, and then upgrade your RAID level

C.

Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

D.

Perform a hot swap

Question 8

Which statement describes a dataset in FortiAnalyzer?

Options:

A.

They determine what data is retrieved from the database.

B.

They provide the layout used for reports.

C.

They are used to set the data included in templates.

D.

They define the chart types to be used in reports.

Question 9

Which two methods can you use to send event notifications when an event occurs that matches a configured

event handler? (Choose two.)

Options:

A.

SMS

B.

Email

C.

SNMP

D.

IM

Question 10

Which log will generate an event with the status Contained?

Options:

A.

An IPS log with action=pass.

B.

A WebFilter log with action=dropped.

C.

An AV log with action=quarantine.

D.

An AppControl log with action=blocked.

Question 11

View the exhibit.

What does the data point at 14:35 tell you?

Options:

A.

FortiAnalyzer is dropping logs.

B.

FortiAnalyzer is indexing logs faster than logs are being received.

C.

FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.

D.

The sqlplugind daemon is ahead in indexing by one log.

Question 12

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

Options:

A.

ADOMs are enabled by default.

B.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

C.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

D.

All administrators can create ADOMs--not just the admin administrator.

Question 13

On the RAID management page, the disk status is listed asInitializing.

What does the statusInitializingindicate about what the FortiAnalyzer is currently doing?

Options:

A.

FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

B.

FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

C.

FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

D.

FortiAnalyzer is functioning normally

Question 14

Which two purposes does the auto cache setting on reports serve? (Choose two.)

Options:

A.

It automatically updates the hcache when new logs arrive.

B.

It provides diagnostics on report generation time.

C.

It reduces the log insert lag rate.

D.

It reduces report generation time.

Question 15

Refer to the exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

Options:

A.

FortiAnalyzerl and FortiAnalyzer3

B.

FortiAnalyzer1 and FortiAnalyzer2

C.

All devices listed can be members

D.

FortiAnalyzer2 and FortiAnalyzer3

Question 16

How can you configure FortiAnalyzer to permit administrator logins from only specific locations?

Options:

A.

Use static routes

B.

Use administrative profiles

C.

Use trusted hosts

D.

Use secure protocols

Question 17

What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?

Options:

A.

Hot swap the disk.

B.

There is no need to do anything because the disk will self-recover.

C.

Run execute format disk to format and restart the FortiAnalyzer device.

D.

Shut down FortiAnalyzer and replace the disk

Question 18

Which statement about the FortiSIEM management extension is correct?

Options:

A.

Allows you to manage the entire life cycle of a threat or breach.

B.

Its use of the available disk space is capped at 50%.

C.

It requires a licensed FortiSIEM supervisor.

D.

It can be installed as a dedicated VM.

Question 19

What are two of the key features of FortiAnalyzer? (Choose two.)

Options:

A.

Centralized log repository

B.

Cloud-based management

C.

Reports

D.

Virtual domains (VDOMs)

Question 20

Which statement correctly describes the management extensions available on FortiAnalyzer?

Options:

A.

Management extensions do not require additional licenses.

B.

Management extensions allow FortiAnalyzer to act as a ForbSIEM supervisor.

C.

Management extensions require a dedicated VM for best performance.

D.

Management extensions may require a minimum number of CPU cores to run.

Question 21

What are the operating modes of FortiAnalyzer? (Choose two)

Options:

A.

Standalone

B.

Manager

C.

Analyzer

D.

Collector

Question 22

An administrator has configured the following settings:

config system global

set log-checksum md5-auth

end

What is the significance of executing this command?

Options:

A.

This command records the log file MD5 hash value.

B.

This command records passwords in log files and encrypts them.

C.

This command encrypts log transfer between FortiAnalyzer and other devices.

D.

This command records the log file MD5 hash value and authentication code.

Question 23

Refer to the exhibit.

What does the data point at 12:20 indicate?

Options:

A.

The performance of FortiAnalyzer is below the baseline.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The log insert lag time is increasing.

D.

The sqlplugind service is caught up with new logs.

Question 24

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

Options:

A.

Antivirus logs

B.

Web filter logs

C.

IPS logs

D.

Application control logs

Question 25

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally?

(Choose two.)

Options:

A.

Mail server

B.

Output profile

C.

SFTP server

D.

Report scheduling

Question 26

Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

C.

This feature allows you to build a chart under FortiView.

D.

You can add charts to generated reports using this feature.

Question 27

Refer to the exhibit.

Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1:

Which filter will achieve the desired result?

Options:

A.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & dstip==10.1.1.210 & userl-admin

D.

operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin

Question 28

On FortiAnalyzer, what is a wildcard administrator account?

Options:

A.

An account that permits access to members of an LDAP group

B.

An account that allows guest access with read-only privileges

C.

An account that requires two-factor authentication

D.

An account that validates against any user account on a FortiAuthenticator

Question 29

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

Options:

A.

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

B.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

C.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

D.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

Question 30

An administrator has moved FortiGate A from the root ADOM to ADOM1.

Which two statements are true regarding logs? (Choose two.)

Options:

A.

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

B.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

C.

Logs will be presented in both ADOMs immediately after the move.

D.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Question 31

An administrator has configured the following settings:

config system fortiview settings

set resolve-ip enable

end

What is the significance of executing this command?

Options:

A.

Use this command only if the source IP addresses are not resolved on FortiGate.

B.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

C.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

D.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Question 32

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)

Options:

A.

SSL is the default setting.

B.

SSL communications are auto-negotiated between the two devices.

C.

SSL can send logs in real-time only.

D.

SSL encryption levels are globally set on FortiAnalyzer.

E.

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Question 33

Which statement is true about sending notifications with incident updates?

Options:

A.

Notifications can be sent only when an incident is updated or deleted.

B.

If you use multiple fabric connectors, all connectors must have the same notification settings

C.

Notifications can be sent only by email.

D.

You can send notifications to multiple external platforms

Question 34

Refer to the exhibit.

What does the data point at 14:55 tell you?

Options:

A.

The received rate is almost at its maximum for this device

B.

The sqlplugind daemon is behind in log indexing by two logs

C.

Logs are being dropped

D.

Raw logs are reaching FortiAnalyzer faster than they can be indexed

Question 35

What statements are true regarding disk log quota? (Choose two)

Options:

A.

The FortiAnalyzer stops logging once the disk log quota is met.

B.

The FortiAnalyzer automatically sets the disk log quota based on the device.

C.

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

D.

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Question 36

What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)

Options:

A.

The size of newly generated reports is optimized to conserve disk space.

B.

FortiAnalyzer local cache is used to store generated reports.

C.

When new logs are received, the hard-cache data is updated automatically.

D.

The generation time for reports is decreased.

Question 37

What must you consider when using log fetching? (Choose two.)

Options:

A.

The fetch client can retrieve logs from devices that are not added to its local Device Manager

B.

You can use filters to include only logs from a single device.

C.

The fetching profile must include a user with the Super_User profile.

D.

The archive logs retrieved from the server become archive logs in the client.

Question 38

How does FortiAnalyzer retrieve specific log data from the database?

Options:

A.

SQL FROM statement

B.

SQL GET statement

C.

SQL SELECT statement

D.

SQL EXTRACT statement

Question 39

Refer to the exhibit.

The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.

What can you conclude from the configuration displayed?

Options:

A.

This FortiAnalyzer will join to the existing HA cluster as the primary.

B.

This FortiAnalyzer is configured to receive logs in its port1.

C.

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

D.

After joining to the cluster, this FortiAnalyzer will keep an updated log database.

Question 40

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

Options:

A.

Principal

B.

Service provider

C.

Identity collector

D.

Identity provider

Question 41

FortiAnalyzer uses the Optimized Fabric Transfer Protocok (OFTP) over SSL for what purpose?

Options:

A.

To upload logs to an SFTP server

B.

To prevent log modification during backup

C.

To send an identical set of logs to a second logging server

D.

To encrypt log communication between devices

Demo: 41 questions
Total 137 questions