
Fortinet NSE5_FAZ-7.2 Practice Test - Questions Answers, Page 7


Question 61


For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

A. Principal
B. Service provider
C. Identity collector
D. Identity provider
Suggested answer: B, D
Explanation:

Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/new-features/957811/samladminauthentication#:~:text=for%20the%20administrator.-,FortiAnalyzer%20can%20play%20the%20role%20of%20the%20identity%20provider%20(IdP,external%20identity%20provider%20is%20available.

https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/981386/saml-adminauthentication

In FortiAnalyzer, SAML can be enabled across all Security Fabric devices, enabling smooth movement between devices for the administrator by means of single sign-on (SSO).

FortiAnalyzer can play the role of the identity provider (IdP), the service provider (SP), or Fabric SP, when an external identity provider is available.

FortiAnalyzer_7.0_Study_Guide-Online page 48

asked 18/09/2024
Rama Krishna

Question 62


Which two purposes does the auto cache setting on reports serve? (Choose two.)

A. It automatically updates the hcache when new logs arrive.
B. It provides diagnostics on report generation time.
C. It reduces the log insert lag rate.
D. It reduces report generation time.
Suggested answer: A, D
Explanation:

Reference:

https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/384416/how-autocache-works

https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/86926/enabling-autocache

asked 18/09/2024
Cynthia Gutknecht

Question 63


What are offline logs on FortiAnalyzer?

A. Compressed logs, which are also known as archive logs, are considered to be offline logs.
B. When you restart FortiAnalyzer, all stored logs are considered to be offline logs.
C. Logs that are indexed and stored in the SQL database.
D. Logs that are collected from offline devices after they boot up.
Suggested answer: A
Explanation:

Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-6/Content/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Archive_analytics_logs.htm

Logs are received and saved in a log file on the FortiAnalyzer disks. Eventually, when the log file reaches a configured size, or at a set schedule, it is rolled over by being renamed. These files (rolled or otherwise) are known as archive logs and are considered offline so they don't offer immediate analytic support. Combined, they count toward the archive quota and retention limits, and they are deleted based on the ADOM data policy.

FortiAnalyzer_7.0_Study_Guide-Online page 140

asked 18/09/2024
Ervin Loong

Question 64


Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

A. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
B. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
C. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.
Suggested answer: B, D
Explanation:

Reference: https://docs.fortinet.com/document/fortianalyzer/7.0.1/administrationguide/651442/fetcher-management

Using FortiAnalyzer, you can enable log fetching. This allows FortiAnalyzer to fetch the archived logs of specified devices from another FortiAnalyzer, which you can then run queries or reports on for forensic analysis.

The FortiAnalyzer device that fetches logs operates as the fetch client, and the other FortiAnalyzer device that sends logs operates as the fetch server. Log fetching can happen only between two FortiAnalyzer devices, and both of them must be running the same firmware version. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with different FortiAnalyzer devices at the other end.

FortiAnalyzer_7.0_Study_Guide-Online page 168

asked 18/09/2024
Omar Solomon

Question 65


An administrator has configured the following settings:

config system fortiview settings
    set resolve-ip enable
end

What is the significance of executing this command?

A. Use this command only if the source IP addresses are not resolved on FortiGate.
B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.
D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.
Suggested answer: D
Explanation:

Reference: https://community.fortinet.com/t5/Fortinet-Forum/Hostnames-in-FortiAnalyzer/mp/95351?m=156950

asked 18/09/2024
Renats Fasulins

Question 66


Which two statements are true regarding ADOM modes? (Choose two.)

A. You can only change ADOM modes through CLI.
B. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.
C. In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
D. Normal mode is the default ADOM mode.
Suggested answer: C, D
Explanation:

Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMGFAZ/0800_ADOMs/0400_ADOM%20Device%20Modes.htm

asked 18/09/2024
Lucia Montero Tejeda

Question 67


Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

A. Both modes, forwarding and aggregation, support encryption of logs between devices.
B. In aggregation mode, you can forward logs to syslog and CEF servers as well.
C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
Suggested answer: A, C
Explanation:

A) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 148: The log communication between devices can be protected by encryption, with the desired encryption level, using the commands shown on the slide. (You need to interpret this. "Real time" and "aggregation" are about the "moment" when FortiGate sends the logs. However, no matter the moment, FortiGate will upload logs encrypted or unencrypted based on previous / different config.)

C) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: Aggregation: Logs and content files stored and uploaded at scheduled time.

asked 18/09/2024
Peter Kiraly

Question 68


An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.

What should the administrator do to solve this issue?

A. Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
B. Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
C. Use the execute sql-report run ADOM1 command to run a report.
D. Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.
Suggested answer: B
Explanation:

Reference: https://help.fortinet.com/fmgr/cli/5-6-1/FortiManager_CLI_Reference/700_execute/sqllocal+.htm

asked 18/09/2024
Tyler Andringa

Question 69


Which statement is true regarding Macros on FortiAnalyzer?

A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
B. Macros are supported only on the FortiGate ADOM.
C. Macros are useful in generating Excel log files automatically based on the report settings.
D. Macros are predefined templates for reports and cannot be customized.
Suggested answer: A
Explanation:

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 283: Note that macros are ADOM-specific and supported in FortiGate and FortiCarrier ADOMs only.

asked 18/09/2024
Letlhogonolo Phiri

Question 70


Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)

A. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
B. Collector mode is the default operating mode.
C. When in collector mode, FortiAnalyzer supports event management and reporting features.
D. By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting.
Suggested answer: A, D
Explanation:

Reference: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administrationguide/227478/collector-mode

https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/312644/analyzercollector-collaboration

asked 18/09/2024
Subhendu Bhattacharyya
Total 137 questions