Fortinet NSE5_FAZ-7.2 Practice Test - Questions Answers, Page 7
For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

A. Principal
B. Service provider
C. Identity collector
D. Identity provider
Suggested answer: B, D

Explanation:

Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/new-features/957811/samladminauthentication#:~:text=for%20the%20administrator.-,FortiAnalyzer%20can%20play%20the%20role%20of%20the%20identity%20provider%20(IdP,external%20identity%20provider%20is%20available.

https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/981386/saml-adminauthentication

In FortiAnalyzer, SAML can be enabled across all Security Fabric devices, enabling smooth movement between devices for the administrator by means of single sign-on (SSO).

FortiAnalyzer can play the role of the identity provider (IdP), the service provider (SP), or Fabric SP, when an external identity provider is available.

FortiAnalyzer_7.0_Study_Guide-Online, page 48

Which two purposes does the auto cache setting on reports serve? (Choose two.)

A. It automatically updates the hcache when new logs arrive.
B. It provides diagnostics on report generation time.
C. It reduces the log insert lag rate.
D. It reduces report generation time.
Suggested answer: A, D

Explanation:

Reference:

https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/384416/how-autocache-works

https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/86926/enabling-autocache

What are offline logs on FortiAnalyzer?

A. Compressed logs, which are also known as archive logs, are considered to be offline logs.
B. When you restart FortiAnalyzer, all stored logs are considered to be offline logs.
C. Logs that are indexed and stored in the SQL database.
D. Logs that are collected from offline devices after they boot up.
Suggested answer: A

Explanation:

Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-6/Content/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Archive_analytics_logs.htm

Logs are received and saved in a log file on the FortiAnalyzer disks. Eventually, when the log file reaches a configured size, or at a set schedule, it is rolled over by being renamed. These files (rolled or otherwise) are known as archive logs and are considered offline, so they don't offer immediate analytic support. Combined, they count toward the archive quota and retention limits, and they are deleted based on the ADOM data policy.

FortiAnalyzer_7.0_Study_Guide-Online, page 140

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

A. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
B. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
C. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.
Suggested answer: B, D

Explanation:

Reference: https://docs.fortinet.com/document/fortianalyzer/7.0.1/administrationguide/651442/fetcher-management

Using FortiAnalyzer, you can enable log fetching. This allows FortiAnalyzer to fetch the archived logs of specified devices from another FortiAnalyzer, which you can then run queries or reports on for forensic analysis.

The FortiAnalyzer device that fetches logs operates as the fetch client, and the other FortiAnalyzer device that sends logs operates as the fetch server. Log fetching can happen only between two FortiAnalyzer devices, and both of them must be running the same firmware version. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with different FortiAnalyzer devices at the other end.

FortiAnalyzer_7.0_Study_Guide-Online, page 168

An administrator has configured the following settings:

config system fortiview settings
    set resolve-ip enable
end

What is the significance of executing this command?

A. Use this command only if the source IP addresses are not resolved on FortiGate.
B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.
D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.
Suggested answer: D

Explanation:

Reference: https://community.fortinet.com/t5/Fortinet-Forum/Hostnames-in-FortiAnalyzer/mp/95351?m=156950

Which two statements are true regarding ADOM modes? (Choose two.)

A. You can only change ADOM modes through the CLI.
B. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.
C. In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
D. Normal mode is the default ADOM mode.
Suggested answer: C, D

Explanation:

Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMGFAZ/0800_ADOMs/0400_ADOM%20Device%20Modes.htm

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

A. Both modes, forwarding and aggregation, support encryption of logs between devices.
B. In aggregation mode, you can forward logs to syslog and CEF servers as well.
C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
Suggested answer: A, C

Explanation:

A) FortiAnalyzer_7.0_Study_Guide-Online.pdf, page 148: The log communication between devices can be protected by encryption, with the desired encryption level, using the commands shown on the slide. (This needs some interpretation: "real time" and "aggregation" describe the moment at which FortiGate sends the logs. Regardless of that moment, FortiGate uploads the logs encrypted or unencrypted based on a separate, previously applied configuration.)

C) FortiAnalyzer_7.0_Study_Guide-Online.pdf, page 147: Aggregation: logs and content files are stored and uploaded at a scheduled time.

An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.

What should the administrator do to solve this issue?

A. Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
B. Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
C. Use the execute sql-report run ADOM1 command to run a report.
D. Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.
Suggested answer: B

Explanation:

Reference: https://help.fortinet.com/fmgr/cli/5-6-1/FortiManager_CLI_Reference/700_execute/sqllocal+.htm

Which statement is true regarding Macros on FortiAnalyzer?

A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
B. Macros are supported only on the FortiGate ADOM.
C. Macros are useful in generating Excel log files automatically based on the report settings.
D. Macros are predefined templates for reports and cannot be customized.
Suggested answer: A

Explanation:

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 283: Note that macros are ADOM-specific and supported in FortiGate and FortiCarrier ADOMs only.

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)

A. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
B. Collector mode is the default operating mode.
C. When in collector mode, FortiAnalyzer supports event management and reporting features.
D. By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting.
Suggested answer: A, D

Explanation:

Reference: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administrationguide/227478/collector-mode

https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/312644/analyzercollector-collaboration
