Fortinet NSE 5 - FortiAnalyzer 6.4 v1.0 (NSE5_FAZ-6.4)

Page:    1 / 2   
Total 33 questions

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

  • A. FROM
  • B. ORDER BY
  • C. LIMIT
  • D. WHERE


Answer : A

If a hard disk on FortiAnalyzer that supports hardware RAID fails, what can be done on FortiAnalyzer?

  • A. Shut down FortiAnalyzer and replace the disk.
  • B. Run execute format disk to format and restart the FortiAnalyzer device.
  • C. No need to do anything because the disk will self-recover.
  • D. Hot swap the disk


Answer : A

Reference: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on-FortiAnalyzer/ta-p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20known%20as%20hot%20swapping

Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)

  • A. Virtual domains
  • B. Administrative access profiles
  • C. Trusted hosts
  • D. Security Fabric


Answer : BC

Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/219292/administrator-profiles
Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/581222/trusted-hosts

Which daemon is responsible for enforcing raw log file size?

  • A. logfiled
  • B. oftpd
  • C. sqlplugind
  • D. miglogd


Answer : A

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed.
What is the recommended method to replace the disk?

  • A. Downgrade your RAID level, replace the disk, and then upgrade your RAID level.
  • B. Perform a hot swap.
  • C. Clear all RAID alarms and replace the disk while FortiAnalyzer is still running.
  • D. Shut down FortiAnalyzer and then replace the disk.


Answer : D

Reference: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on-FortiAnalyzer/ta-p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20known%20as%20hot%20swapping

What is the purpose of a predefined template on the FortiAnalyzer?

  • A. It specifies the report layout which contains predefined texts, charts, and macros
  • B. It specifies report settings which contains time period, device selection, and schedule
  • C. It contains predefined data to generate mock reports
  • D. It can be edited and modified as required


Answer : A

Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.8/administration-guide/618245/predefined-reports-templates-charts-and-macros

An administrator has configured the following settings:

config system global
    set log-checksum md5-auth
end

What is the significance of executing this command?

  • A. This command records the log file MD5 hash value.
  • B. This command records passwords in log files and encrypts them.
  • C. This command encrypts log transfer between FortiAnalyzer and other devices.
  • D. This command records the log file MD5 hash value and authentication code.


Answer : D

Reference: https://docs.fortinet.com/document/fortianalyzer/6.4.6/administration-guide/410387/appendix-b-log-integrity-and-secure-log-transfer

Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)

  • A. SNMP
  • B. IM
  • C. SMS
  • D. Email


Answer : AD

Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/1800_Events/0200_Event_handlers/0600_Create_event_handlers.htm

What are offline logs on FortiAnalyzer?

  • A. Compressed logs, which are also known as archive logs, are considered to be offline logs.
  • B. When you restart FortiAnalyzer, all stored logs are considered to be offline logs.
  • C. Logs that are indexed and stored in the SQL database.
  • D. Logs that are collected from offline devices after they boot up.


Answer : A

Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-6/Content/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Archive_analytics_logs.htm

Refer to the exhibit.

What does the data point at 14:35 tell you?

  • A. FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.
  • B. FortiAnalyzer is indexing logs faster than logs are being received.
  • C. The fortilogd daemon is ahead in indexing by one log.
  • D. FortiAnalyzer is dropping logs.


Answer : B

Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/47690/insert-rate-vs-receive-rate-widget

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

  • A. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
  • B. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
  • C. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
  • D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.


Answer : AB

Reference: https://docs.fortinet.com/document/fortianalyzer/7.0.1/administration-guide/651442/fetcher-management

An administrator has configured the following settings:

config system fortiview settings
    set resolve-ip enable
end

What is the significance of executing this command?

  • A. Use this command only if the source IP addresses are not resolved on FortiGate.
  • B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
  • C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.
  • D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.


Answer : D

Reference: https://community.fortinet.com/t5/Fortinet-Forum/Hostnames-in-FortiAnalyzer/m-p/95351?m=156950

Which two statements are true regarding ADOM modes? (Choose two.)

  • A. You can only change ADOM modes through CLI.
  • B. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.
  • C. In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
  • D. Normal mode is the default ADOM mode.


Answer : CD

Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMG-FAZ/0800_ADOMs/0400_ADOM%20Device%20Modes.htm

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

  • A. In aggregation mode, you can forward logs to syslog and CEF servers as well.
  • B. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
  • C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
  • D. Both modes, forwarding and aggregation, support encryption of logs between devices.


Answer : CD

Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/cookbook/63238/what-is-the-difference-between-log-forward-and-log-aggregation-modes

An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.
What should the administrator do to solve this issue?

  • A. Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
  • B. Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
  • C. Use the execute sql-report run ADOM1 command to run a report.
  • D. Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.


Answer : B

Reference: https://help.fortinet.com/fmgr/cli/5-6-1/FortiManager_CLI_Reference/700_execute/sql-local+.htm
