Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

NSE5_FAZ-7.2 Fortinet NSE 5 - FortiAnalyzer 7.2 Questions and Answers

Questions 4

Refer to the exhibit.

NSE5_FAZ-7.2 Question 4

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

C.

This feature allows you to build a chart under FortiView.

D.

You can add charts to generated reports using this feature.

Buy Now
Questions 5

How do you restrict an administrator’s access to a subset of your organization’s ADOMs?

Options:

A.

Set the ADOM mode toAdvanced

B.

Assign the ADOMs to the administrator’s account

C.

Configure trusted hosts

D.

Assign the defaultSuper_Useradministrator profile

Buy Now
Questions 6

What is the purpose of trigger variables?

Options:

A.

To display statistics about the playbook runtime

B.

To use information from the trigger to filter the action in a task

C.

To provide the trigger information to make the playbook start running

D.

To store the start times of playbooks with On_Schedule triggers

Buy Now
Questions 7

What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server?

(Choose two.)

Options:

A.

SFTP, FTP, or SCP server

B.

Mail server

C.

Output profile

D.

Report scheduling

Buy Now
Questions 8

A play book contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed. What will be the status of the playbook after its execution?

Options:

A.

Success

B.

Failed

C.

Running

D.

Upstream_failed

Buy Now
Questions 9

A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails. What will be the status of the playbook after it is run?

Options:

A.

Running

B.

Failed

C.

Upstream_failed

D.

Success

Buy Now
Questions 10

An administrator has moved FortiGate A from the root ADOM to ADOM1.

Which two statements are true regarding logs? (Choose two.)

Options:

A.

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

B.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

C.

Logs will be presented in both ADOMs immediately after the move.

D.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Buy Now
Questions 11

FortiAnalyzer centralizes which functions? (Choose three)

Options:

A.

Network analysis

B.

Graphical reporting

C.

Content archiving / data mining

D.

Vulnerability assessment

E.

Security log analysis / forensics

Buy Now
Questions 12

Which two statement are true regardless initial Logs sync and Log Data Sync for Ha on FortiAnalyzer?

Options:

A.

By default, Log Data Sync is disabled on all backup devise.

B.

Log Data Sync provides real-time log synchronization to all backup devices.

C.

With initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.

D.

When Logs Data Sync is turned on, the backup device will reboot and then rebuilt the log database with the synchronized logs.

Buy Now
Questions 13

On FortiAnalyzer, what is a wildcard administrator account?

Options:

A.

An account that permits access to members of an LDAP group

B.

An account that allows guest access with read-only privileges

C.

An account that requires two-factor authentication

D.

An account that validates against any user account on a FortiAuthenticator

Buy Now
Questions 14

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?

Options:

A.

To properly correlate logs

B.

To use real-time forwarding

C.

To resolve host names

D.

To improve DNS response times

Buy Now
Questions 15

Which SQL query is in the correct order to query the database in the FortiAnslyzer?

Options:

A.

SELECT devid FROM Slog GROOP BY devid WHERE * user' =* USERl'

B.

SELECT devid WHERE 'u3er'='USERl' FROM $ log GROUP BY devid

C.

SELECT devid FROM Slog- WHERE *user' =' USERl' GROUP BY devid

D.

FROM Slog WHERE 'user* =' USERl' SELECT devid GROUP BY devid

Buy Now
Questions 16

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)

Options:

A.

SSL is the default setting.

B.

SSL communications are auto-negotiated between the two devices.

C.

SSL can send logs in real-time only.

D.

SSL encryption levels are globally set on FortiAnalyzer.

E.

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Buy Now
Questions 17

Which two statements are true regarding fabric connectors? (Choose two.)

Options:

A.

Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more efficient than third-party information from the FortiAnalyzer API.

B.

Fabric connectors allow to save storage costs and improve redundancy.

C.

Storage connector service does not require a separate license to send logs to cloud platform.

D.

Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3, Azure Blob , and Google Cloud.

Buy Now
Questions 18

An administrator has configured the following settings:

config system global

set log-checksum md5-auth

end

What is the significance of executing this command?

Options:

A.

This command records the log file MD5 hash value.

B.

This command records passwords in log files and encrypts them.

C.

This command encrypts log transfer between FortiAnalyzer and other devices.

D.

This command records the log file MD5 hash value and authentication code.

Buy Now
Questions 19

What is the recommended method of expanding disk space on a FortiAnalyzer VM?

Options:

A.

From the VM host manager, add an additional virtual disk and use the #execute lvm extend command to expand the storage

B.

From the VM host manager, expand the size of the existing virtual disk

C.

From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk

D.

From the VM host manager, add an additional virtual disk and rebuild your RAID array

Buy Now
Questions 20

What are analytics logs on FortiAnalyzer?

Options:

A.

Log type Traffic logs.

B.

Logs that roll over when the log file reaches a specific size.

C.

Logs that are indexed and stored in the SQL.

D.

Raw logs that are compressed and saved to a log file.

Buy Now
Questions 21

An administrator fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mall server that can be used to send email.

What could be the problem?

Options:

A.

Fortinet is assigned the Standard_ User administrator profile.

B.

A trusted host is configured.

C.

ADOM mode is configured with Advanced mode.

D.

Fortinet is assigned the Restricted_ User administrator profile.

Buy Now
Questions 22

Refer to the exhibit.

NSE5_FAZ-7.2 Question 22

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

Options:

A.

Report size will be optimized to conserve disk space on FortiAnalyzer.

B.

Reports will be cached in the memory.

C.

This feature is automatically enabled for scheduled reports.

D.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Buy Now
Questions 23

A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer.

What can you do on FortiAnalyzer to accomplish this?

Options:

A.

Click FortiView and generate a report for that administrator.

B.

Click Task Monitor and view the tasks performed by that administrator.

C.

Click Log View and generate a report for that administrator.

D.

View the tasks performed by the rogue administrator in Fabric View.

Buy Now
Questions 24

What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?

Options:

A.

A FortiGate ADOM

B.

The FortiGate serial number

C.

A pre-shared key

D.

Valid FortiAnalyzer credentials

Buy Now
Questions 25

Refer to the exhibits.

NSE5_FAZ-7.2 Question 25

NSE5_FAZ-7.2 Question 25

How many events will be added to the incident created after running this playbook?

Options:

A.

Ten events will be added.

B.

No events will be added.

C.

Five events will be added.

D.

Thirteen events will be added.

Buy Now
Questions 26

What is the purpose of using prefilters when configuring event handlers?

Options:

A.

They limit which logs are checked for matches by the other filters.

B.

They can filter the logs before they are processed by FortiAnalyzer

C.

They download new filters to be used in event handlers.

D.

They are common filters applied simultaneously to all event handlers.

Buy Now
Questions 27

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

Options:

A.

Principal

B.

Service provider

C.

Identity collector

D.

Identity provider

Buy Now
Questions 28

When you perform a system backup, what does the backup configuration contain? (Choose two.)

Options:

A.

Generated reports

B.

Device list

C.

Authorized devices logs

D.

System information

Buy Now
Questions 29

Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose

two.)

Options:

A.

License type

B.

Disk size

C.

Total quota

D.

RAID level

Buy Now
Questions 30

What is the purpose of the following CLI command?

NSE5_FAZ-7.2 Question 30

Options:

A.

To add a log file checksum

B.

To add the MD’s hash value and authentication code

C.

To add a unique tag to each log to prove that it came from this FortiAnalyzer

D.

To encrypt log communications

Buy Now
Questions 31

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)

Options:

A.

System information

B.

Logs from registered devices

C.

Report information

D.

Database snapshot

Buy Now
Questions 32

Which statements are correct regarding FortiAnalyzer reports? (Choose two)

Options:

A.

FortiAnalyzer provides the ability to create custom reports.

B.

FortiAnalyzer glows you to schedule reports to run.

C.

FortiAnalyzer includes pre-defined reports only.

D.

FortiAnalyzer allows reporting for FortiGate devices only.

Buy Now
Questions 33

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)

Options:

A.

Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.

B.

Make sure all endpoints are reachable by FortiAnalyzer.

C.

Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.

D.

Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

Buy Now
Questions 34

If you upgrade the FortiAnalyzer firmware, which report element can be affected?

Options:

A.

Custom datasets

B.

Report scheduling

C.

Report settings

D.

Output profiles

Buy Now
Questions 35

What are two benefits of using fabric connectors? (Choose two.)

Options:

A.

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

B.

You do not need an additional license to send logs to the cloud platform.

C.

Fabric connectors allow you to improve redundancy.

D.

Using fabric connectors is more efficient than using third-party polling with API.

Buy Now
Questions 36

Refer to the exhibit.

NSE5_FAZ-7.2 Question 36

Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1:

Which filter will achieve the desired result?

Options:

A.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & dstip==10.1.1.210 & userl-admin

D.

operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin

Buy Now
Questions 37

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

Options:

A.

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

B.

FortiAnalyzer flags the associated host for further analysis.

C.

A new Infected entry is added for the corresponding endpoint.

D.

The detection engine classifies those logs as Suspicious

Buy Now
Questions 38

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

Options:

A.

Incidents dashboards

B.

Threat hunting

C.

FortiView Monitor

D.

Outbreak alert services

Buy Now
Questions 39

In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered search results.

Similarly, which feature you can use for FortiView?

Options:

A.

Export to Report Chart

B.

Export to PDF

C.

Export to Chart Builder

D.

Export to Custom Chart

Buy Now
Questions 40

If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?

Options:

A.

The configured IP address is checked first.

B.

The active port number is checked first.

C.

The firmware version is checked first.

D.

The configured priority is checked first

Buy Now
Questions 41

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally?

(Choose two.)

Options:

A.

Mail server

B.

Output profile

C.

SFTP server

D.

Report scheduling

Buy Now
Exam Code: NSE5_FAZ-7.2
Exam Name: Fortinet NSE 5 - FortiAnalyzer 7.2
Last Update: Dec 3, 2024
Questions: 137

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now NSE5_FAZ-7.2 testing engine

PDF (Q&A)

$42  $104.99
buy now NSE5_FAZ-7.2 pdf