Fortinet NSE 5 - FortiAnalyzer 7.0 v1.0 (NSE5_FAZ-7.0)

Page:    1 / 3   
Total 38 questions

A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer.
What can you do on FortiAnalyzer to accomplish this?

  • A. Click Task Monitor and view the tasks performed by that administrator.
  • B. Click Fabric View and view the tasks performed by the rogue administrator.
  • C. Click Log View and generate a report for that administrator.
  • D. Click FortiView and generate a report for that administrator.


Answer : C

Reference: https://docs.fortinet.com/document/fortinac/9.1.0/administration-guide/841611/profiles-for-device-managers

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

  • A. Both modes, forwarding and aggregation, support encryption of logs between devices.
  • B. In aggregation mode, you can forward logs to syslog and CEF servers as well.
  • C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
  • D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.


Answer : BD

Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/cookbook/63238/what-is-the-difference-between-log-forward-and-log-aggregation-modes

After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command? execute sql-local rebuild-adom <new-ADOM-name>

  • A. To reset the disk quota enforcement to default
  • B. To migrate the archive logs to the new ADOM
  • C. To remove the analytics logs of the device from the old database
  • D. To populate the new ADOM with analytical logs for the moved device, so you can run reports


Answer : D

Reference: https://docs.fortinet.com/document/fortimanager/7.0.3/administration-guide/667061/creating-adoms

Which statement is true regarding Macros on FortiAnalyzer?

  • A. Macros are predefined templates for reports and cannot be customized.
  • B. Macros are useful in generating excel log files automatically based on the report settings.
  • C. Macros are supported only on the FortiGate ADOM.
  • D. Macros are ADOM specific and each ADOM has unique macros relevant to that ADOM.


Answer : D

Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMG-FAZ/2300_Reports/1200_Macro_library/0200_Create_Macros.htm

What is the purpose of output variables?

  • A. To display details of the connectors used by a playbook
  • B. To store playbook execution statistics
  • C. To save all the task settings when a playbook is exported
  • D. To use the output of the previous task as the input of the current task


Answer : D

Reference: https://network-insight.net/2022/07/25/ansible-variables-ansible-automation/

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)

  • A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
  • B. Make sure all endpoints are reachable by FortiAnalyzer.
  • C. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
  • D. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.


Answer : AC

Reference: https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/788897/configuring-the-root-fortigate-and-downstream-fortigates

A playbook contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed.
What will be the status of the playbook after its execution?

  • A. Failed
  • B. Success
  • C. Upstream_failed
  • D. Running


Answer : B

Reference: https://docs.ansible.com/ansible/latest/user_guide/playbooks_error_handling.html

Refer to the exhibit.

Which image corresponds to the packet capture shown in the exhibit?

  • A.
  • B.
  • C.
  • D.


Answer : B

Refer to the exhibit.

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

  • A. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.
  • B. This feature is automatically enabled for scheduled reports.
  • C. Reports will be cached in the memory.
  • D. Report size will be optimized to conserve disk space on FortiAnalyzer.


Answer : AD

Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-FAZ/2300_Reports/0025_Auto-cache.htm

You created a playbook on FortiAnalyzer that uses a FortiOS connector.
When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?

  • A. FortiAnalyzer Event Handler
  • B. Incoming webhook
  • C. FortiOS Event Log
  • D. Fabric Connector event


Answer : C

Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/126663/creating-automation-stitches

Refer to the exhibits.
How many events will be added to the incident created after running this playbook?

  • A. No events will be added.
  • B. Ten events will be added.
  • C. Five events will be added.
  • D. Thirteen events will be added.


Answer : D

Which two statements are correct regarding the export and import of playbooks? (Choose two.)

  • A. Playbooks can be exported and imported only within the same FortiAnalyzer.
  • B. You can export only one playbook at a time.
  • C. A playbook that was disabled when it was exported will be disabled when it is imported.
  • D. You can import a playbook even if there is another one with the same name in the destination.


Answer : AC

Reference: https://community.fortinet.com/t5/FortiSIEM/Technical-Note-How-to-change-a-polling-interval/ta-p/191722?docType=4&externalId=FD39420&sliceId=1

If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?

  • A. The firmware version is checked first.
  • B. The active port number is checked first.
  • C. The configured IP address is checked first.
  • D. The configured priority is checked first.


Answer : D

Reference: https://community.fortinet.com/t5/FortiExtender/FortiExtender-Basic-Commands-configuration-verification-or-setup/ta-p/195762?externalId=FD36098

Refer to the exhibit.

The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.
What can you conclude from the configuration displayed?

  • A. This FortiAnalyzer will join the existing HA cluster as the primary.
  • B. This FortiAnalyzer is configured to receive logs on its port1.
  • C. This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
  • D. After joining the cluster, this FortiAnalyzer will keep an updated log database.


Answer : D

Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/cookbook/266391/setting-up-a-fortianalyzer-ha-cluster

For which two purposes would you use the command set log checksum? (Choose two.)

  • A. To prevent log modification or tampering
  • B. To send an identical set of logs to a second logging server
  • C. To encrypt log communications
  • D. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server


Answer : AD

Reference: https://docs.fortinet.com/document/fortianalyzer/7.2.0/administration-guide/410387/appendix-b-log-integrity-and-secure-log-transfer
