Fortinet NSE 5 - FortiAnalyzer 6.2 v1.0 (NSE5-FAZ-6.2)

Page:    1 / 3   
Total 42 questions

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

  • A. Antivirus logs
  • B. Web filter logs
  • C. IPS logs
  • D. Application control logs


Answer : B

Reference:
https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm?TocPath=FortiView%7CUsing%20FortiView%7C_____6

Which two purposes does the auto-cache setting on reports serve? (Choose two.)

  • A. It automatically updates the hcache when new logs arrive
  • B. It reduces report generation time
  • C. It provides diagnostics on report generation time
  • D. It reduces the log insert lag rate


Answer : AB

Reference:
https://docs.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/282280/enabling-auto-cache

In order for FortiAnalyzer to collect logs from a FortiGate device, which two configurations are required? (Choose two.)

  • A. FortiGate must be registered with FortiAnalyzer
  • B. Remote logging must be enabled on FortiGate
  • C. ADOMs must be enabled
  • D. Log encryption must be enabled


Answer : AC

Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD41272

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

  • A. A local wildcard administrator account
  • B. A remote LDAP server
  • C. A trusted host profile that restricts access to the LDAP group
  • D. An administrator group


Answer : AB

Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38567

When you perform a system backup, what does the backup configuration contain? (Choose two.)

  • A. Generated reports
  • B. Device list
  • C. Authorized devices logs
  • D. System information


Answer : BD

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

  • A. FROM
  • B. LIMIT
  • C. WHERE
  • D. ORDER BY


Answer : C

Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD48500

What is the purpose of a dataset query in FortiAnalyzer?

  • A. It sorts log data into tables
  • B. It extracts the database schema
  • C. It retrieves log data from the database
  • D. It injects log data into the database


Answer : C

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy.
What is the most likely problem?

  • A. CPU resources are too high
  • B. Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
  • C. The total disk space is insufficient and you need to add another disk
  • D. The ADOM disk quota is set too low, based on log rates


Answer : D

Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-FAZ/1100_Storage/0017_Deleted%20device%20logs.htm

Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)

  • A. License type
  • B. Disk size
  • C. Total quota
  • D. RAID level


Answer : BD

Reference:
https://docs.fortinet.com/document/fortianalyzer/6.0.5/administration-guide/929977/disk-space-allocation

What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?

  • A. The log file is overwritten
  • B. The log file is stored as a raw log and is available for analytic support
  • C. The log file rolls over and is archived
  • D. The log file is purged from the database


Answer : C

Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/6d9f8fb5-6cf4-11e9-81a4-00505692583a/FortiAnalyzer-6.0.5-Administration-Guide.pdf

Which two statements about log forwarding are true? (Choose two.)

  • A. Forwarded logs cannot be filtered to match specific criteria.
  • B. Logs are forwarded in real-time only.
  • C. The client retains a local copy of the logs after forwarding.
  • D. You can use aggregation mode only with another FortiAnalyzer.


Answer : BC

Reference:
www.fortinetguru.com/2020/07/log-forwarding-fortianalyzer-fortios-6-2-3/

Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)

  • A. SMS
  • B. Email
  • C. SNMP
  • D. IM


Answer : BC

Reference:
https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/1800_Events/0200_Event_handlers/0600_Create_event_handlers.htm

You have moved a registered logging device out of one ADOM and into a new ADOM.
What happens when you rebuild the new ADOM database?

  • A. FortiAnalyzer migrates analytics logs to the new ADOM.
  • B. FortiAnalyzer removes analytics logs from the old ADOM.
  • C. FortiAnalyzer resets the disk quota of the new ADOM to default.
  • D. FortiAnalyzer migrates archive logs to the new ADOM.


Answer : A

Consider the CLI command:


What is the purpose of the command?

  • A. To add a unique tag to each log to prove that it came from this FortiAnalyzer
  • B. To add the MD5 hash value and authentication code
  • C. To add a log file checksum
  • D. To encrypt log communications


Answer : B

Reference:
https://docs2.fortinet.com/document/fortianalyzer/6.0.3/cli-reference/849211/global

How are logs forwarded when FortiAnalyzer is configured to use aggregation mode?

  • A. Logs are forwarded as they are received.
  • B. Logs are forwarded as they are received and content files are uploaded at a scheduled time.
  • C. Logs and content files are stored and uploaded at a scheduled time.
  • D. Logs and content files are forwarded as they are received.


Answer : D
