ExamGecko
Search Search Login
Home Home / Fortinet / NSE5_FAZ-7.2
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which SQL query is in the correct order to query the database in the FortiAnslyzer?
Which two statements are true regarding ADOM modes? (Choose two.)
What purposes does the auto-cache setting on reports serve? (Choose two.)
Why run the command diagnose sql status sqlplugind?
Which statement correctly describes the management extensions available on FortiAnalyzer?
What is the recommended method of expanding disk space on a FortiAnalyzer VM?
Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in your data policy. What is the most likely problem?
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)
An administrator fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mall server that can be used to send email. What could be the problem?

Question 77 - NSE5_FAZ-7.2 discussion

Report
Export

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer?

(Choose two.)

A.
Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
Answers
A.
Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
B.
Make sure all endpoints are reachable by FortiAnalyzer.
Answers
B.
Make sure all endpoints are reachable by FortiAnalyzer.
C.
Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
Answers
C.
Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
D.
Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
Answers
D.
Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
Suggested answer: A, D

Explanation:

In order to configure IOC, you require the following:

• A one-year subscription to IOC. Note that FortiAnalyzer does include an evaluation license, but it is restrictive and only meant to give you an idea of how the feature works.

• A web filter services subscription on FortiGate device(s)

• Web filter policies on FortiGate device(s) that send traffic to FortiAnalyzer Compromised Hosts or Indicators of Compromise service (IOC) is a licensed feature.

To view Compromised Hosts, you must turn on the UTM web filter of FortiGate devices and subscribe your FortiAnalyzer unit to FortiGuard to keep its local threat database synchronized with the

FortiGuard threat database. See Subscribing FortiAnalyzer to FortiGuard.

Ref : https://docs.fortinet.com/document/fortianalyzer/6.4.0/administration-guide/137635/viewingcompromised-hosts

Show Answer
asked 18/09/2024
Rajesh Maharajan
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms