Fortinet NSE5_FAZ-7.2 Practice Test - Questions Answers, Page 10

If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?

A. The configured IP address is checked first.
B. The active port number is checked first.
C. The firmware version is checked first.
D. The configured priority is checked first.

Suggested answer: D

Explanation:

In the case of a primary device failure, FortiAnalyzer HA uses the following rules to select a new primary:

• All cluster devices are assigned a priority from 80 to 120. The default priority is 100. If the primary device becomes unavailable, the device with the highest priority is selected as the new primary device. For example, a device with a priority of 110 is selected over a device with a priority of 100.

• If multiple devices have the same priority, the device whose primary IP address has the greatest value is selected as the new primary device. For example, 123.45.67.124 is selected over 123.45.67.123.

• If a new device with a higher priority or a greater value IP address joins the cluster, the new device does not replace (or pre-empt) the current primary device automatically.

FortiAnalyzer_7.0_Study_Guide-Online page 62

What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?

A. Hot swap the disk.
B. There is no need to do anything because the disk will self-recover.
C. Run execute format disk to format and restart the FortiAnalyzer device.
D. Shut down FortiAnalyzer and replace the disk.

Suggested answer: A

Explanation:

https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMGFAZ/0700_RAID/0800_Swapping%20Disks.htm#:~:text=If%20a%20hard%20disk%20on,to%20exchanging%20the%20hard%20disk.

Which statement is true about sending notifications with incident updates?

A. Notifications can be sent only when an incident is updated or deleted.
B. If you use multiple fabric connectors, all connectors must have the same notification settings.
C. Notifications can be sent only by email.
D. You can send notifications to multiple external platforms.

Suggested answer: D

Explanation:

You can add more than one fabric connector, each with the same or different notification settings.

The receiving side of the connector must be configured for the notifications to be sent successfully.

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 34: Fabric connectors also enable FortiAnalyzer to send notifications to ITSM platforms when a new incident is created or for any subsequent updates.

Which statement correctly describes the management extensions available on FortiAnalyzer?

A. Management extensions do not require additional licenses.
B. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
C. Management extensions require a dedicated VM for best performance.
D. Management extensions may require a minimum number of CPU cores to run.

Suggested answer: D

Explanation:

Events in FortiAnalyzer are always in one of four statuses. The current status determines whether the security team needs to take further action.

The possible statuses are:

Unhandled: The security event risk is not mitigated or contained, so it is considered open.

Contained: The risk source is isolated.

Mitigated: The security risk is mitigated by being blocked or dropped.

(Blank): Other scenarios.

FortiAnalyzer_7.0_Study_Guide-Online page 189.

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 189: Review the hardware requirements before you enable a management extension application. Some of them require a minimum amount of memory or a minimum number of CPU cores.

A playbook contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed. What will be the status of the playbook after its execution?

A. Success
B. Failed
C. Running
D. Upstream_failed

Suggested answer: B

Explanation:

Playbook jobs that include one or more failed tasks are labeled as Failed in Playbook Monitor. A failed status, however, does not mean that all tasks failed. Some individual actions may have been completed successfully.

FortiAnalyzer_7.0_Study_Guide-Online page 247

When working with FortiAnalyzer reports, what is the purpose of a dataset?

A. To provide the layout used for reports
B. To define the chart type to be used
C. To retrieve data from the database
D. To set the data included in templates

Suggested answer: C

Explanation:

Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.4/administrationguide/148744/creating-datasets

Datasets: Structured Query Language (SQL) SELECT queries that extract specific data from the database.

Refer to the exhibit.

The image displays the configuration of a FortiAnalyzer that the administrator wants to join to an existing HA cluster.

What can you conclude from the configuration displayed?

A. This FortiAnalyzer will join the existing HA cluster as the primary.
B. This FortiAnalyzer is configured to receive logs on its port1.
C. This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
D. After joining the cluster, this FortiAnalyzer will keep an updated log database.

Suggested answer: B

Explanation:

"If the preferred role is Primary, then this unit becomes the primary unit if it is configured first in a new HA cluster. If there is an existing primary unit, then this unit becomes a secondary unit."

(https://docs.fortinet.com/document/fortianalyzer/7.0.5/administration-guide/275104)

You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?

A. FortiAnalyzer Event Handler
B. Incoming webhook
C. FortiOS Event Log
D. Fabric Connector event

Suggested answer: B

Explanation:

"One possible scenario is shown on the slide:

1. Traffic flows through the FortiGate.
2. FortiGate sends logs to FortiAnalyzer.
3. FortiAnalyzer detects some suspicious traffic and generates an event.
4. The event triggers the execution of a playbook in FortiAnalyzer, which sends a webhook call to FortiGate so that it runs an automation stitch.
5. FortiGate runs the automation stitch with the corrective or preventive actions."

FortiAnalyzer_7.0_Study_Guide-Online page 228

In order to see the actions related to the FOS connector, you must enable an automation rule using the Incoming Webhook Call trigger on the FortiGate side.

FortiAnalyzer_7.0_Study_Guide-Online page 233

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

A. Incidents dashboards
B. Threat hunting
C. FortiView Monitor
D. Outbreak alert services

Suggested answer: B

Explanation:

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 217: Threat hunting consists of proactively searching for suspicious or potentially risky network activity in your environment. This proactive approach helps administrators find threats that might have eluded detection by the current security solutions or configurations.

What must you consider when using log fetching? (Choose two.)

A. The fetch client can retrieve logs from devices that are not added to its local Device Manager.
B. You can use filters to include only logs from a single device.
C. The fetching profile must include a user with the Super_User profile.
D. The archive logs retrieved from the server become archive logs in the client.

Suggested answer: B, C