  • Exam Name: Fortinet NSE 5 - FortiAnalyzer 7.2
  • Last Update: Jan 22, 2025
  • Questions and Answers: 137

NSE5_FAZ-7.2 Practice Exam Questions with Answers Fortinet NSE 5 - FortiAnalyzer 7.2 Certification

Question # 6

Which log will generate an event with the status Contained?

A.

An IPS log with action=pass.

B.

A WebFilter log with action=dropped.

C.

An AV log with action=quarantine.

D.

An AppControl log with action=blocked.

Question # 7

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

A.

The endpoint is marked as Compromised and, optionally, can be put in quarantine.

B.

FortiAnalyzer flags the associated host for further analysis.

C.

A new Infected entry is added for the corresponding endpoint.

D.

The detection engine classifies those logs as Suspicious

Question # 8

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

A.

FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

B.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

C.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

D.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

Question # 9

FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?

A.

To upload logs to an SFTP server

B.

To prevent log modification during backup

C.

To send an identical set of logs to a second logging server

D.

To encrypt log communication between devices

Question # 10

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)

A.

System information

B.

Logs from registered devices

C.

Report information

D.

Database snapshot

Question # 11

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)

A.

Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto-negotiated.

B.

Must establish an IPsec tunnel ID and pre-shared key.

C.

IPsec cannot be enabled if SSL is enabled as well.

D.

IPsec is only enabled through the CLI on FortiAnalyzer.

Question # 12

What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?

A.

The log file is stored as a raw log and is available for analytic support.

B.

The log file rolls over and is archived.

C.

The log file is purged from the database.

D.

The log file is overwritten.

Question # 13

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

A.

ADOMs are enabled by default.

B.

ADOMs constrain other administrators' access privileges to a subset of devices in the device list.

C.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tabs display per ADOM.

D.

All administrators can create ADOMs--not just the admin administrator.

Question # 14

Which SQL query is in the correct order to query the database in the FortiAnalyzer?

A.

SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'

B.

SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid

C.

SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid

D.

FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid

Question # 15

You’ve moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?

A.

FortiAnalyzer resets the disk quota of the new ADOM to default.

B.

FortiAnalyzer migrates archive logs to the new ADOM.

C.

FortiAnalyzer migrates analytics logs to the new ADOM.

D.

FortiAnalyzer removes logs from the old ADOM.

Question # 16

What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

A.

All FortiGates can send logs to FortiAnalyzer using the store and upload option.

B.

Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

C.

Both secure communications methods (SSL and IPsec) allow the store and upload option.

D.

Disk logging is enabled on the FortiGate through the CLI only.

E.

Disk logging is enabled by default on the FortiGate.

Question # 17

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy.

What is the most likely problem?

A.

CPU resources are too high

B.

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

C.

The total disk space is insufficient and you need to add another disk

D.

The ADOM disk quota is set too low, based on log rates

Question # 18

Which statement describes a dataset in FortiAnalyzer?

A.

They determine what data is retrieved from the database.

B.

They provide the layout used for reports.

C.

They are used to set the data included in templates.

D.

They define the chart types to be used in reports.

Question # 19

Which statements are correct regarding FortiAnalyzer reports? (Choose two.)

A.

FortiAnalyzer provides the ability to create custom reports.

B.

FortiAnalyzer allows you to schedule reports to run.

C.

FortiAnalyzer includes pre-defined reports only.

D.

FortiAnalyzer allows reporting for FortiGate devices only.

Question # 20

What is the purpose of employing RAID with FortiAnalyzer?

A.

To introduce redundancy to your log data

B.

To provide data separation between ADOMs

C.

To separate analytical and archive data

D.

To back up your logs

Question # 21

Refer to the exhibit.

[Exhibit image]

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1.

Which filter will achieve the desired result?

A.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & dstip==10.1.1.210 & user!-admin

D.

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

Question # 22

Consider the CLI command:

[Image of the CLI command]

What is the purpose of the command?

A.

To add a unique tag to each log to prove that it came from this FortiAnalyzer

B.

To add the MD5 hash value and authentication code

C.

To add a log file checksum

D.

To encrypt log communications

Question # 23

Refer to the exhibit.

[Exhibit image]

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

A.

Report size will be optimized to conserve disk space on FortiAnalyzer.

B.

Reports will be cached in the memory.

C.

This feature is automatically enabled for scheduled reports.

D.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Question # 24

View the exhibit:

[Exhibit image]

What does the 1000MB maximum for disk utilization refer to?

A.

The disk quota for the FortiAnalyzer model

B.

The disk quota for all devices in the ADOM

C.

The disk quota for each device in the ADOM

D.

The disk quota for the ADOM type

Question # 25

What are offline logs on FortiAnalyzer?

A.

Compressed logs, which are also known as archive logs, are considered to be offline logs.

B.

When you restart FortiAnalyzer, all stored logs are considered to be offline logs.

C.

Logs that are indexed and stored in the SQL database.

D.

Logs that are collected from offline devices after they boot up.

Question # 26

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

A.

FROM

B.

LIMIT

C.

WHERE

D.

ORDER BY

Question # 27

What can the CLI command # diagnose test application oftpd 3 help you to determine?

A.

What devices and IP addresses are connecting to FortiAnalyzer

B.

What logs, if any, are reaching FortiAnalyzer

C.

What ADOMs are enabled and configured

D.

What devices are registered and unregistered

Question # 28

An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.

What should the administrator do to solve this issue?

A.

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

B.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

C.

Use the execute sql-report run ADOM1 command to run a report.

D.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

Question # 29

You created a playbook on FortiAnalyzer that uses a FortiOS connector.

When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?

A.

FortiAnalyzer Event Handler

B.

Incoming webhook

C.

FortiOS Event Log

D.

Fabric Connector event

Question # 30

Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)

A.

Virtual domains

B.

Administrative access profiles

C.

Trusted hosts

D.

Security Fabric

Question # 31

Logs are being deleted from one of your ADOMs earlier than the configured setting for archiving in your data policy. What is the most likely problem?

A.

The total disk space is insufficient and you need to add another disk.

B.

CPU resources are too high.

C.

The ADOM disk quota is set too low based on log rates.

D.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Question # 32

Refer to the exhibit.

[Exhibit image]

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.

Which filter will achieve the desired result?

A.

operation-login & dstip==10.1.1.210 & user!-admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

D.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

Question # 33

What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?

A.

A FortiGate ADOM

B.

The FortiGate serial number

C.

A pre-shared key

D.

Valid FortiAnalyzer credentials

Question # 34

Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)

A.

License type

B.

Disk size

C.

Total quota

D.

RAID level

Question # 35

In FortiAnalyzer’s FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?

A.

Configure local DNS servers on FortiAnalyzer

B.

Resolve IPs on FortiGate

C.

Configure # set resolve-ip enable in the system FortiView settings

D.

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Question # 36

What can you do on FortiAnalyzer to restrict administrative access from specific locations?

A.

Configure trusted hosts for that administrator.

B.

Enable geo-location services on accessible interface.

C.

Configure two-factor authentication with a remote RADIUS server.

D.

Configure an ADOM for respective location.

Question # 37

What must you consider when using log fetching? (Choose two.)

A.

The fetch client can retrieve logs from devices that are not added to its local Device Manager

B.

You can use filters to include only logs from a single device.

C.

The fetching profile must include a user with the Super_User profile.

D.

The archive logs retrieved from the server become archive logs in the client.

Question # 38

What does the disk status Degraded mean for RAID management?

A.

One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.

B.

The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.

C.

The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.

D.

The hard drive is no longer being used by the RAID controller

Question # 39

What is the purpose of the following CLI command?

[Image of the CLI command]

A.

To add a log file checksum

B.

To add the MD5 hash value and authentication code

C.

To add a unique tag to each log to prove that it came from this FortiAnalyzer

D.

To encrypt log communications

Question # 40

On the RAID management page, the disk status is listed as Initializing.

What does the status Initializing indicate about what the FortiAnalyzer is currently doing?

A.

FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

B.

FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

C.

FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

D.

FortiAnalyzer is functioning normally

Question # 41

Refer to the exhibit.

[Exhibit image]

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

A.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

C.

This feature allows you to build a chart under FortiView.

D.

You can add charts to generated reports using this feature.
