
Fortinet NSE5_FAZ-7.2 Practice Test - Questions Answers, Page 13


Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

A. To add a new chart under FortiView to be used in new reports
B. To build a dataset and chart automatically, based on the filtered search results
C. To add charts directly to generate reports in the current ADOM
D. To build a chart automatically based on the top 100 log entries

Suggested answer: B

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

A. The endpoint is marked as Compromised and, optionally, can be put in quarantine.
B. FortiAnalyzer flags the associated host for further analysis.
C. A new Infected entry is added for the corresponding endpoint.
D. The detection engine classifies those logs as Suspicious.

Suggested answer: A

Refer to the exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

A. FortiAnalyzer1 and FortiAnalyzer3
B. FortiAnalyzer1 and FortiAnalyzer2
C. All devices listed can be members
D. FortiAnalyzer2 and FortiAnalyzer3

Suggested answer: C

Refer to the exhibit.

What does the data point at 12:20 indicate?

A. The performance of FortiAnalyzer is below the baseline.
B. FortiAnalyzer is using its cache to avoid dropping logs.
C. The log insert lag time is increasing.
D. The sqlplugind service is caught up with new logs.

Suggested answer: C

Which statement about the FortiSIEM management extension is correct?

A. Allows you to manage the entire life cycle of a threat or breach.
B. Its use of the available disk space is capped at 50%.
C. It requires a licensed FortiSIEM supervisor.
D. It can be installed as a dedicated VM.

Suggested answer: A

Why run the command diagnose sql status sqlplugind?

A. To list the current SQL processes running
B. To check the database log insertion status
C. To display the SQL query connections and hcache status
D. To view the current hcache size

Suggested answer: C

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)

A. System information
B. Logs from registered devices
C. Report information
D. Database snapshot

Suggested answer: A, C

Explanation:

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 29: What does the System Configuration backup include?

• System information, such as the device IP address and administrative user information
• Device list, such as any devices you configured to allow log access
• Report information, such as any configured report settings, as well as all your custom report details

These are not the actual reports.

Which two statements are correct regarding the export and import of playbooks? (Choose two.)

A. You can export only one playbook at a time.
B. You can import a playbook even if there is another one with the same name in the destination.
C. Playbooks can be exported and imported only within the same FortiAnalyzer.
D. A playbook that was disabled when it was exported will be disabled when it is imported.

Suggested answer: B, D

Explanation:

If the imported playbook has the same name as an existing one, FortiAnalyzer will create a new name that includes a timestamp to avoid conflicts.

Playbooks are imported with the same status they had (enabled or disabled) when they were exported.

Playbooks set to run automatically should be exported while they are disabled to avoid unintended runs on the destination.

Which SQL query is in the correct order to query the database in the FortiAnalyzer?

A. SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'
B. SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid
C. SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid
D. FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid

Suggested answer: C

Explanation:

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 259: The main clauses FortiAnalyzer reports use are as follows:

• FROM
• WHERE
• GROUP BY
• ORDER BY
• LIMIT
• OFFSET

Accordingly, following the SELECT keyword, the statement must be followed by one or more clauses in the order in which they appear in the table shown on this slide.

Refer to the exhibits.

How many events will be added to the incident created after running this playbook?

A. Ten events will be added.
B. No events will be added.
C. Five events will be added.
D. Thirteen events will be added.

Suggested answer: A