Summer Sale Coupon - 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sbfdisc

NSE5_FAZ-7.2 PDF

$44

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

NSE5_FAZ-7.2 PDF + Testing Engine

$70.4

$175.99

3 Months Free Update

  • Exam Name: Fortinet NSE 5 - FortiAnalyzer 7.2
  • Last Update: Apr 17, 2024
  • Questions and Answers: 137
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

NSE5_FAZ-7.2 Engine

$52.8

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

NSE5_FAZ-7.2 Practice Exam Questions with Answers Fortinet NSE 5 - FortiAnalyzer 7.2 Certification

Question # 6

What is the purpose of employing RAID with FortiAnalyzer?

A.

To introduce redundancy to your log data

B.

To provide data separation between ADOMs

C.

To separate analytical and archive data

D.

To back up your logs

Full Access
Question # 7

Refer to the exhibit.

NSE5_FAZ-7.2 question answer

What does the data point at 14:55 tell you?

A.

The received rate is almost at its maximum for this device

B.

The sqlplugind daemon is behind in log indexing by two logs

C.

Logs are being dropped

D.

Raw logs are reaching FortiAnalyzer faster than they can be indexed

Full Access
Question # 8

On the RAID management page, the disk status is listed asInitializing.

What does the statusInitializingindicate about what the FortiAnalyzer is currently doing?

A.

FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

B.

FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

C.

FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

D.

FortiAnalyzer is functioning normally

Full Access
Question # 9

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

A.

Antivirus logs

B.

Web filter logs

C.

IPS logs

D.

Application control logs

Full Access
Question # 10

You have recently grouped multiple FortiGate devices into a single ADOM.System Settings>Storage Info

shows the quota used.

What does the disk quota refer to?

A.

The maximum disk utilization for each device in the ADOM

B.

The maximum disk utilization for the FortiAnalyzer model

C.

The maximum disk utilization for the ADOM type

D.

The maximum disk utilization for all devices in the ADOM

Full Access
Question # 11

Refer to the exhibits.

NSE5_FAZ-7.2 question answer

NSE5_FAZ-7.2 question answer

How many events will be added to the incident created after running this playbook?

A.

Ten events will be added.

B.

No events will be added.

C.

Five events will be added.

D.

Thirteen events will be added.

Full Access
Question # 12

Which statement is true regarding Macros on FortiAnalyzer?

A.

Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.

B.

Macros are supported only on the FortiGate ADOM.

C.

Macros are useful in generating excel log files automatically based on the reports settings.

D.

Macros are predefined templates for reports and cannot be customized.

Full Access
Question # 13

Consider the CLI command:

NSE5_FAZ-7.2 question answer

What is the purpose of the command?

A.

To add a unique tag to each log to prove that it came from this FortiAnalyzer

B.

To add the MD5 hash value and authentication code

C.

To add a log file checksum

D.

To encrypt log communications

Full Access
Question # 14

Which two statements express the advantages of grouping similar reports? (Choose two.)

A.

Improve report completion time.

B.

Conserve disk space on FortiAnalyzer by grouping multiple similar reports.

C.

Reduce the number of hcache tables and improve auto-hcache completion time.

D.

Provides a better summary of reports.

Full Access
Question # 15

Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in your data policy. What is the most likely problem?

A.

The total disk space is insufficient and you need to add other disk.

B.

CPU resources are too high.

C.

The ADOM disk quota is set too low based on log rates.

D.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Full Access
Question # 16

Which two statements are correct regarding the export and import of playbooks? (Choose two.)

A.

You can export only one playbook at a time.

B.

You can import a playbook even if there is another one with the same name in the destination.

C.

Playbooks can be exported and imported only within the same FortiAnaryzer.

D.

A playbook that was disabled when it was exported, will be disabled when it is imported.

Full Access
Question # 17

How can you configure FortiAnalyzer to permit administrator logins from only specific locations?

A.

Use static routes

B.

Use administrative profiles

C.

Use trusted hosts

D.

Use secure protocols

Full Access
Question # 18

Refer to the exhibit.

NSE5_FAZ-7.2 question answer

Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1:

Which filter will achieve the desired result?

A.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & dstip==10.1.1.210 & userl-admin

D.

operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin

Full Access
Question # 19

Refer to the exhibit.

NSE5_FAZ-7.2 question answer

The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.

Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)

A.

It creates a wildcard administrator using LDAP and RADIUS servers.

B.

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

C.

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

D.

It allows administrators to use two-factor authentication.

Full Access
Question # 20

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

A.

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

B.

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

C.

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

D.

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

Full Access
Question # 21

In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices arenotresolving to a hostname.

How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?

A.

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

B.

Configure# set resolve-ip enablein the system FortiView settings

C.

Configure local DNS servers on FortiAnalyzer

D.

Resolve IP addresses on FortiGate

Full Access
Question # 22

On FortiAnalyzer, what is a wildcard administrator account?

A.

An account that permits access to members of an LDAP group

B.

An account that allows guest access with read-only privileges

C.

An account that requires two-factor authentication

D.

An account that validates against any user account on a FortiAuthenticator

Full Access
Question # 23

What is the purpose of output variables?

A.

To store playbook execution statistics

B.

To use the output of the previous task as the input of the current task

C.

To display details of the connectors used by a playbook

D.

To save all the task settings when a playbook is exported

Full Access
Question # 24

For which two purposes would you use the commandset log checksum? (Choose two.)

A.

To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server

B.

To prevent log modification or tampering

C.

To encrypt log communications

D.

To send an identical set of logs to a second logging server

Full Access
Question # 25

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

A.

Principal

B.

Service provider

C.

Identity collector

D.

Identity provider

Full Access
Question # 26

A play book contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed. What will be the status of the playbook after its execution?

A.

Success

B.

Failed

C.

Running

D.

Upstream_failed

Full Access
Question # 27

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)

A.

System information

B.

Logs from registered devices

C.

Report information

D.

Database snapshot

Full Access
Question # 28

What are analytics logs on FortiAnalyzer?

A.

Log type Traffic logs.

B.

Logs that roll over when the log file reaches a specific size.

C.

Logs that are indexed and stored in the SQL.

D.

Raw logs that are compressed and saved to a log file.

Full Access
Question # 29

Refer to the exhibit.

NSE5_FAZ-7.2 question answer

What does the data point at 12:20 indicate?

A.

The performance of FortiAnalyzer is below the baseline.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The log insert lag time is increasing.

D.

The sqlplugind service is caught up with new logs.

Full Access
Question # 30

When you perform a system backup, what does the backup configuration contain? (Choose two.)

A.

Generated reports

B.

Device list

C.

Authorized devices logs

D.

System information

Full Access
Question # 31

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on

FortiAnalyzer has failed.

What is the recommended method to replace the disk?

A.

Shut down FortiAnalyzer and then replace the disk

B.

Downgrade your RAID level, replace the disk, and then upgrade your RAID level

C.

Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

D.

Perform a hot swap

Full Access
Question # 32

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)

A.

SSL is the default setting.

B.

SSL communications are auto-negotiated between the two devices.

C.

SSL can send logs in real-time only.

D.

SSL encryption levels are globally set on FortiAnalyzer.

E.

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Full Access
Question # 33

By default, what happens when a log file reaches its maximum file size?

A.

FortiAnalyzer overwrites the log files.

B.

FortiAnalyzer stops logging.

C.

FortiAnalyzer rolls the active log by renaming the file.

D.

FortiAnalyzer forwards logs to syslog.

Full Access
Question # 34

Which statement about the FortiSIEM management extension is correct?

A.

Allows you to manage the entire life cycle of a threat or breach.

B.

Its use of the available disk space is capped at 50%.

C.

It requires a licensed FortiSIEM supervisor.

D.

It can be installed as a dedicated VM.

Full Access
Question # 35

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

A.

ADOMs are enabled by default.

B.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

C.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

D.

All administrators can create ADOMs--not just the admin administrator.

Full Access
Question # 36

Which daemon is responsible for enforcing the log file size?

A.

sqlplugind

B.

logfiled

C.

miglogd

D.

ofrpd

Full Access
Question # 37

An administrator has configured the following settings:

config system fortiview settings

set resolve-ip enable

end

What is the significance of executing this command?

A.

Use this command only if the source IP addresses are not resolved on FortiGate.

B.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

C.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

D.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Full Access
Question # 38

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

A.

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

B.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

C.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

D.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

Full Access
Question # 39

What are two benefits of using fabric connectors? (Choose two.)

A.

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

B.

You do not need an additional license to send logs to the cloud platform.

C.

Fabric connectors allow you to improve redundancy.

D.

Using fabric connectors is more efficient than using third-party polling with API.

Full Access
Question # 40

What is the purpose of a predefined template on the FortiAnalyzer?

A.

It can be edited and modified as required

B.

It specifies the report layout which contains predefined texts, charts, and macros

C.

It specifies report settings which contains time period, device selection, and schedule

D.

It contains predefined data to generate mock reports

Full Access
Question # 41

Which statement describes online logs on FortiAnalyzer?

A.

Logs that reached a specific size and were rolled over

B.

Logs that can be used to create reports

C.

Logs that can be viewed using Log Browse

D.

Logs that are saved to disk, compressed, and available in FortiView

Full Access