New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet NSE5_FAZ-7.2 Dumps Questions Answers

Page: 1 / 10
Total 137 questions

Fortinet NSE 5 - FortiAnalyzer 7.2 Questions and Answers

Question 1

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

Options:

A.

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

B.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

C.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

D.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

Buy Now
Question 2

A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer.

What can you do on FortiAnalyzer to accomplish this?

Options:

A.

Click FortiView and generate a report for that administrator.

B.

Click Task Monitor and view the tasks performed by that administrator.

C.

Click Log View and generate a report for that administrator.

D.

View the tasks performed by the rogue administrator in Fabric View.

Question 3

Which statement describes online logs on FortiAnalyzer?

Options:

A.

Logs that reached a specific size and were rolled over

B.

Logs that can be used to create reports

C.

Logs that can be viewed using Log Browse

D.

Logs that are saved to disk, compressed, and available in FortiView

Question 4

Why must you wait for several minutes before you run a playbook that you just created?

Options:

A.

FortiAnalyzer needs that time to parse the new playbook.

B.

FortiAnalyzer needs that time to back up the current playbooks.

C.

FortiAnalyzer needs that time to ensure there are no other playbooks running.

D.

FortiAnalyzer needs that time to debug the new playbook.

Question 5

What does the disk status Degraded mean for RAID management?

Options:

A.

One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.

B.

The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.

C.

The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.

D.

The hard driveiIs no longer being used by the RAID controller

Question 6

What must you consider when using log fetching? (Choose two.)

Options:

A.

The fetch client can retrieve logs from devices that are not added to its local Device Manager

B.

You can use filters to include only logs from a single device.

C.

The fetching profile must include a user with the Super_User profile.

D.

The archive logs retrieved from the server become archive logs in the client.

Question 7

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

Options:

A.

A local wildcard administrator account

B.

A remote LDAP server

C.

A trusted host profile that restricts access to the LDAP group

D.

An administrator group

Question 8

An administrator has configured the following settings:

config system global

set log-checksum md5-auth

end

What is the significance of executing this command?

Options:

A.

This command records the log file MD5 hash value.

B.

This command records passwords in log files and encrypts them.

C.

This command encrypts log transfer between FortiAnalyzer and other devices.

D.

This command records the log file MD5 hash value and authentication code.

Question 9

What is the purpose of trigger variables?

Options:

A.

To display statistics about the playbook runtime

B.

To use information from the trigger to filter the action in a task

C.

To provide the trigger information to make the playbook start running

D.

To store the start times of playbooks with On_Schedule triggers

Question 10

Which two statements are true regarding the outbreak detection service? (Choose two.)

Options:

A.

New alerts are received by email.

B.

Outbreak alerts are available on the root ADOM only.

C.

An additional license is required.

D.

It automatically downloads new event handlers and reports.

Question 11

Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.

To add a new chart under FortiView to be used in new reports

B.

To build a dataset and chart automatically, based on the filtered search results

C.

To add charts directly to generate reports in the current ADOM

D.

To build a chart automatically based on the top 100 log entries

Question 12

Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in your data policy. What is the most likely problem?

Options:

A.

The total disk space is insufficient and you need to add other disk.

B.

CPU resources are too high.

C.

The ADOM disk quota is set too low based on log rates.

D.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Question 13

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

Options:

A.

Both modes, forwarding and aggregation, support encryption of logs between devices.

B.

In aggregation mode, you can forward logs to syslog and CEF servers as well.

C.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

D.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Question 14

Refer to the exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

Options:

A.

FortiAnalyzerl and FortiAnalyzer3

B.

FortiAnalyzer1 and FortiAnalyzer2

C.

All devices listed can be members

D.

FortiAnalyzer2 and FortiAnalyzer3

Question 15

For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered

devices should:

Options:

A.

Use DNS

B.

Use host name resolution

C.

Use real-time forwarding

D.

Use an NTP server

Question 16

What is the purpose of a dataset query in FortiAnalyzer?

Options:

A.

It sorts log data into tables

B.

It extracts the database schema

C.

It retrieves log data from the database

D.

It injects log data into the database

Question 17

Refer to the exhibit.

Which statement is correct regarding the event displayed?

Options:

A.

The security risk was blocked or dropped.

B.

The security event risk is considered open.

C.

An incident was created from this event.

D.

The risk source is isolated.

Question 18

An administrator has moved FortiGate A from the root ADOM to ADOM1.

Which two statements are true regarding logs? (Choose two.)

Options:

A.

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

B.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

C.

Logs will be presented in both ADOMs immediately after the move.

D.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Question 19

After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the

purpose of running the following CLI command?

execute sql-local rebuild-adom

Options:

A.

To reset the disk quota enforcement to default

B.

To remove the analytics logs of the device from the old database

C.

To migrate the archive logs to the new ADOM

D.

To populate the new ADOM with analytical logs for the moved device, so you can run reports

Question 20

View the exhibit.

What does the data point at 14:35 tell you?

Options:

A.

FortiAnalyzer is dropping logs.

B.

FortiAnalyzer is indexing logs faster than logs are being received.

C.

FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.

D.

The sqlplugind daemon is ahead in indexing by one log.

Question 21

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?

Options:

A.

To properly correlate logs

B.

To use real-time forwarding

C.

To resolve host names

D.

To improve DNS response times

Question 22

What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?

Options:

A.

Hot swap the disk.

B.

There is no need to do anything because the disk will self-recover.

C.

Run execute format disk to format and restart the FortiAnalyzer device.

D.

Shut down FortiAnalyzer and replace the disk

Question 23

What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)

Options:

A.

The size of newly generated reports is optimized to conserve disk space.

B.

FortiAnalyzer local cache is used to store generated reports.

C.

When new logs are received, the hard-cache data is updated automatically.

D.

The generation time for reports is decreased.

Question 24

On the RAID management page, the disk status is listed asInitializing.

What does the statusInitializingindicate about what the FortiAnalyzer is currently doing?

Options:

A.

FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

B.

FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

C.

FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

D.

FortiAnalyzer is functioning normally

Question 25

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally?

(Choose two.)

Options:

A.

Mail server

B.

Output profile

C.

SFTP server

D.

Report scheduling

Question 26

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

Options:

A.

Principal

B.

Service provider

C.

Identity collector

D.

Identity provider

Question 27

What FortiGate process caches logs when FortiAnalyzer is not reachable?

Options:

A.

logfiled

B.

sqlplugind

C.

oftpd

D.

miglogd

Question 28

Refer to the exhibit.

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

Options:

A.

Report size will be optimized to conserve disk space on FortiAnalyzer.

B.

Reports will be cached in the memory.

C.

This feature is automatically enabled for scheduled reports.

D.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Question 29

Consider the CLI command:

What is the purpose of the command?

Options:

A.

To add a unique tag to each log to prove that it came from this FortiAnalyzer

B.

To add the MD5 hash value and authentication code

C.

To add a log file checksum

D.

To encrypt log communications

Question 30

Which statement is true regarding Macros on FortiAnalyzer?

Options:

A.

Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.

B.

Macros are supported only on the FortiGate ADOM.

C.

Macros are useful in generating excel log files automatically based on the reports settings.

D.

Macros are predefined templates for reports and cannot be customized.

Question 31

What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

Options:

A.

All FortiGates can send logs to FortiAnalyzer using the store and upload option.

B.

Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

C.

Both secure communications methods (SSL and IPsec) allow the store and upload option.

D.

Disk logging is enabled on the FortiGate through the CLI only.

E.

Disk logging is enabled by default on the FortiGate.

Question 32

Why run the command diagnose sql status sqlplugind?

Options:

A.

To list the current SQL processes running

B.

To check what is the database log insertion status

C.

To display the SOL query connections and hcache status

D.

To view the current hcache size

Question 33

An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.

What should the administrator do to solve this issue?

Options:

A.

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

B.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

C.

Use the execute sql-report run ADOM1 command to run a report.

D.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

Question 34

Refer to the exhibit.

What does the data point at 12:20 indicate?

Options:

A.

The performance of FortiAnalyzer is below the baseline.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The log insert lag time is increasing.

D.

The sqlplugind service is caught up with new logs.

Question 35

If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the

FortiAnalyzer back to functioning normally, without losing data?

Options:

A.

Hot swap the disk

B.

Replace the disk and rebuild the RAID manually

C.

Take no action if the RAID level supports a failed disk

D.

Shut down FortiAnalyzer and replace the disk

Question 36

Refer to the exhibit.

The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.

Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)

Options:

A.

It creates a wildcard administrator using LDAP and RADIUS servers.

B.

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

C.

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

D.

It allows administrators to use two-factor authentication.

Question 37

What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log

settings?

Options:

A.

The log file is stored as a raw log and is available for analytic support.

B.

The log file rolls over and is archived.

C.

The log file is purged from the database.

D.

The log file is overwritten.

Question 38

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

Options:

A.

ADOMs are enabled by default.

B.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

C.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

D.

All administrators can create ADOMs--not just the admin administrator.

Question 39

What are offline logs on FortiAnalyzer?

Options:

A.

Compressed logs, which are also known as archive logs, are considered to be offline logs.

B.

When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

C.

Logs that are indexed and stored in the SQL database.

D.

Logs that are collected from offline devices after they boot up.

Question 40

Which daemon is responsible for enforcing raw log file size?

Options:

A.

logfiled

B.

oftpd

C.

sqlplugind

D.

miglogd

Question 41

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

Options:

A.

FROM

B.

LIMIT

C.

WHERE

D.

ORDER BY

Page: 1 / 10
Total 137 questions