NSE5_FAZ-7.2 Practice Exam Questions and Answers

A.  

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B.  

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

C.  

This feature allows you to build a chart under FortiView.

D.  

You can add charts to generated reports using this feature.

A.  

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

B.  

Configure# set resolve-ip enablein the system FortiView settings

C.  

Configure local DNS servers on FortiAnalyzer

D.  

Resolve IP addresses on FortiGate

A.  

FortiView

B.  

Event Management

C.  

Device Manger

D.  

Reporting

A.  

Notifications can be sent only when an incident is created or deleted.

B.  

You must configure an output profile to send notifications by email.

C.  

Each incident can send notifications to a single external platform.

D.  

Each connector used can have different notification settings.

A.  

Compressed logs, which are also known as archive logs, are considered to be offline logs.

B.  

When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

C.  

Logs that are indexed and stored in the SQL database.

D.  

Logs that are collected from offline devices after they boot up.

A.  

Mail server

B.  

Output profile

C.  

SFTP server

D.  

Report scheduling

A.  

Running

B.  

Failed

C.  

Upstream_failed

D.  

Success

A.  

This command records the log file MD5 hash value.

B.  

This command records passwords in log files and encrypts them.

C.  

This command encrypts log transfer between FortiAnalyzer and other devices.

D.  

This command records the log file MD5 hash value and authentication code.

A.  

The performance of FortiAnalyzer is below the baseline.

B.  

FortiAnalyzer is using its cache to avoid dropping logs.

C.  

The log insert lag time is increasing.

D.  

The sqlplugind service is caught up with new logs.

A.  

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

B.  

FortiAnalyzer flags the associated host for further analysis.

C.  

A new Infected entry is added for the corresponding endpoint.

D.  

The detection engine classifies those logs as Suspicious

A.  

Chart Builder

B.  

Export to Report Chart

C.  

Dataset Library

D.  

Custom View

A.  

You can only change ADOM modes through CLI.

B.  

In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advance mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.

C.  

In an advanced mode ADOM. you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

D.  

Normal mode is the default ADOM mode.

A.  

All FortiGates can send logs to FortiAnalyzer using the store and upload option.

B.  

Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

C.  

Both secure communications methods (SSL and IPsec) allow the store and upload option.

D.  

Disk logging is enabled on the FortiGate through the CLI only.

E.  

Disk logging is enabled by default on the FortiGate.

A.  

Notifications can be sent only when an incident is updated or deleted.

B.  

If you use multiple fabric connectors, all connectors must have the same notification settings

C.  

Notifications can be sent only by email.

D.  

You can send notifications to multiple external platforms

A.  

By attaching it to an event handler alert

B.  

By editing the settings of the desired report

C.  

From the properties of an existing incident

D.  

Saving it in JSON format, and then importing it

A.  

To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server

B.  

To prevent log modification or tampering

C.  

To encrypt log communications

D.  

To send an identical set of logs to a second logging server

A.  

SMS

B.  

Email

C.  

SNMP

D.  

IM

A.  

To reduce report generation time

B.  

To automatically update the hcache when new logs arrive

C.  

To reduce the log insert lag rate

D.  

To provide diagnostics on report generation time

A.  

Custom datasets

B.  

Report scheduling

C.  

Report settings

D.  

Output profiles

A.  

Ten events will be added.

B.  

No events will be added.

C.  

Five events will be added.

D.  

Thirteen events will be added.

A.  

Allows you to manage the entire life cycle of a threat or breach.

B.  

Its use of the available disk space is capped at 50%.

C.  

It requires a licensed FortiSIEM supervisor.

D.  

It can be installed as a dedicated VM.

A.  

To add a unique tag to each log to prove that it came from this FortiAnalyzer

B.  

To add the MD5 hash value and authentication code

C.  

To add a log file checksum

D.  

To encrypt log communications

A.  

It can be edited and modified as required

B.  

It specifies the report layout which contains predefined texts, charts, and macros

C.  

It specifies report settings which contains time period, device selection, and schedule

D.  

It contains predefined data to generate mock reports

A.  

Logs are forwarded as they are received and content files are uploaded at a scheduled time.

B.  

Logs and content files are stored and uploaded at a scheduled time.

C.  

Logs are forwarded as they are received.

D.  

Logs and content files are forwarded as they are received.

A.  

FortiAnalyzer needs that time to parse the new playbook.

B.  

FortiAnalyzer needs that time to back up the current playbooks.

C.  

FortiAnalyzer needs that time to ensure there are no other playbooks running.

D.  

FortiAnalyzer needs that time to debug the new playbook.

A.  

Log type Traffic logs.

B.  

Logs that roll over when the log file reaches a specific size.

C.  

Logs that are indexed and stored in the SQL.

D.  

Raw logs that are compressed and saved to a log file.

A.  

Centralized log repository

B.  

Cloud-based management

C.  

Reports

D.  

Virtual domains (VDOMs)

A.  

Remote logging must be enabled on FortiGate

B.  

Log encryption must be enabled

C.  

ADOMs must be enabled

D.  

FortiGate must be registered with FortiAnalyzer

A.  

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

B.  

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

C.  

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

D.  

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

A.  

System information

B.  

Logs from registered devices

C.  

Report information

D.  

Database snapshot

A.  

Fortinet is assigned the Standard_ User administrator profile.

B.  

A trusted host is configured.

C.  

ADOM mode is configured with Advanced mode.

D.  

Fortinet is assigned the Restricted_ User administrator profile.

A.  

To reset the disk quota enforcement to default

B.  

To remove the analytics logs of the device from the old database

C.  

To migrate the archive logs to the new ADOM

D.  

To populate the new ADOM with analytical logs for the moved device, so you can run reports

A.  

FortiAnalyzerl and FortiAnalyzer3

B.  

FortiAnalyzer1 and FortiAnalyzer2

C.  

All devices listed can be members

D.  

FortiAnalyzer2 and FortiAnalyzer3

A.  

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

B.  

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

C.  

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

D.  

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

A.  

Forwarded logs cannot be filtered to match specific criteria.

B.  

Logs are forwarded in real-time only.

C.  

The client retains a local copy of the logs after forwarding.

D.  

You can use aggregation mode only with another FortiAnalyzer.

A.  

To upload logs to an SFTP server

B.  

To prevent log modification during backup

C.  

To send an identical set of logs to a second logging server

D.  

To encrypt log communication between devices

A.  

You enabled auto-cache with extended log filtering.

B.  

The logfiled service has not indexed all the expected logs.

C.  

The logs were overwritten by the data retention policy.

D.  

The time frame selected in the report is wrong.

A.  

It can be used for fast data processing and log correlation

B.  

It can be used to facilitate communication between devices in same Security Fabric

C.  

It can include all Fortinet devices that are part of the same Security Fabric

D.  

It can include only FortiGate devices that are part of the same Security Fabric

A.  

FortiAnalyzer resets the disk quota of the new ADOM to default.

B.  

FortiAnalyzer migrates archive logs to the new ADOM.

C.  

FortiAnalyzer migrates analytics logs to the new ADOM.

D.  

FortiAnalyzer removes logs from the old ADOM.

A.  

The FortiAnalyzer stops logging once the disk log quota is met.

B.  

The FortiAnalyzer automatically sets the disk log quota based on the device.

C.  

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

D.  

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

A.  

Improve report completion time.

B.  

Conserve disk space on FortiAnalyzer by grouping multiple similar reports.

C.  

Reduce the number of hcache tables and improve auto-hcache completion time.

D.  

Provides a better summary of reports.