Fortinet NSE5_FAZ-7.2 Exam Prep Guide Prep guide for the NSE5_FAZ-7.2 Exam [Q81-Q105]

Rate this post

Fortinet NSE5_FAZ-7.2 Exam Prep Guide: Prep guide for the NSE5_FAZ-7.2 Exam

2023 New Preparation Guide of Fortinet NSE5_FAZ-7.2 Exam

The FortiAnalyzer solution is designed to help organizations improve their security posture by providing real-time visibility into network activity. With FortiAnalyzer, security teams can collect and analyze log data from multiple sources, including Fortinet FortiGate firewalls, FortiClient endpoints, and third-party devices. By using this tool, security professionals can quickly identify and respond to security threats, improve compliance, and optimize network performance.

Fortinet NSE5_FAZ-7.2 (Fortinet NSE 5 – FortiAnalyzer 7.2 Analyst) Exam is an advanced-level certification exam designed for security professionals who want to learn how to use FortiAnalyzer effectively. FortiAnalyzer is a software solution that enables organizations to collect, analyze, and correlate logs from their Fortinet security devices. Fortinet NSE 5 – FortiAnalyzer 7.2 Analyst certification exam tests the knowledge and skills of candidates in using FortiAnalyzer to manage and monitor network security.

Q81. View the exhibit.

What does the data point at 14:35 tell you?

FortiAnalyzer is dropping logs.

FortiAnalyzer is indexing logs faster than logs are being received.

FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.

The sqlplugind daemon is ahead in indexing by one log.

Q82. What purposes does the auto-cache setting on reports serve? (Choose two.)

To reduce report generation time

To automatically update the hcache when new logs arrive

To reduce the log insert lag rate

To provide diagnostics on report generation time

Q83. By default, what happens when a log file reaches its maximum file size?

FortiAnalyzer overwrites the log files.

FortiAnalyzer stops logging.

FortiAnalyzer rolls the active log by renaming the file.

FortiAnalyzer forwards logs to syslog.

Q84. What is the purpose of output variables?

To store playbook execution statistics

To use the output of the previous task as the input of the current task

To display details of the connectors used by a playbook

To save all the task settings when a playbook is exported

Q85. For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

Use DNS

Use host name resolution

Use real-time forwarding

Use an NTP server

Q86. How do you restrict an administrator’s access to a subset of your organization’s ADOMs?

Set the ADOM mode to Advanced

Assign the ADOMs to the administrator’s account

Configure trusted hosts

Assign the default Super_User administrator profile

Q87. If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?

The configured IP address is checked first.

The active port number is checked first.

The firmware version is checked first.

The configured priority is checked first

Q88. Which tabs do not appear when FortiAnalyzer is operating in Collector mode?

FortiView

Event Management

Device Manger

Reporting

Q89. Which statements are correct regarding FortiAnalyzer reports? (Choose two)

FortiAnalyzer provides the ability to create custom reports.

FortiAnalyzer glows you to schedule reports to run.

FortiAnalyzer includes pre-defined reports only.

FortiAnalyzer allows reporting for FortiGate devices only.

Q90. What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)

The size of newly generated reports is optimized to conserve disk space.

FortiAnalyzer local cache is used to store generated reports.

When new logs are received, the hard-cache data is updated automatically.

The generation time for reports is decreased.

Q91. Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

A local wildcard administrator account

A remote LDAP server

A trusted host profile that restricts access to the LDAP group

An administrator group

Q92. Which SQL query is in the correct order to query the database in the FortiAnslyzer?

SELECT devid FROM Slog GROOP BY devid WHERE * user’ =* USERl’

SELECT devid WHERE ‘u3er’=’USERl’ FROM $ log GROUP BY devid

SELECT devid FROM Slog- WHERE *user’ =’ USERl’ GROUP BY devid

FROM Slog WHERE ‘user* =’ USERl’ SELECT devid GROUP BY devid

Q93. How are logs forwarded when FortiAnalyzer is using aggregation mode?

Logs are forwarded as they are received and content files are uploaded at a scheduled time.

Logs and content files are stored and uploaded at a scheduled time.

Logs are forwarded as they are received.

Logs and content files are forwarded as they are received.

Q94. Refer to the exhibit.

The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.
Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)

It creates a wildcard administrator using LDAP and RADIUS servers.

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

It allows administrators to use two-factor authentication.

Q95. Which two statements are true regarding the outbreak detection service? (Choose two.)

New alerts are received by email.

Outbreak alerts are available on the root ADOM only.

An additional license is required.

It automatically downloads new event handlers and reports.

Q96. Which statement is true about sending notifications with incident updates?

Notifications can be sent only when an incident is updated or deleted.

If you use multiple fabric connectors, all connectors must have the same notification settings

Notifications can be sent only by email.

You can send notifications to multiple external platforms

Q97. Which daemon is responsible for enforcing the log file size?

sqlplugind

logfiled

miglogd

ofrpd

Q98. What statements are true regarding FortiAnalyzer ‘s treatment of high availability (HA) dusters? (Choose two)

FortiAnalyzer distinguishes different devices by their serial number.

FortiAnalyzer receives logs from d devices in a duster.

FortiAnalyzer receives bgs only from the primary device in the cluster.

FortiAnalyzer only needs to know (he serial number of the primary device in the cluster-it automaticaly discovers the other devices.

Q99. Which statement is true regarding Macros on FortiAnalyzer?

Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.

Macros are supported only on the FortiGate ADOM.

Macros are useful in generating excel log files automatically based on the reports settings.

Macros are predefined templates for reports and cannot be customized.

Q100. Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)

Must configure the FortiAnalyzer end of the tunnel only–the FortiGate end is auto-negotiated.

Must establish an IPsec tunnel ID and pre-shared key.

IPsec cannot be enabled if SSL is enabled as well.

IPsec is only enabled through the CLI on FortiAnalyzer.

Q101. Refer to the exhibit.

Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than “admin” and coming from Laptop1:
Which filter will achieve the desired result?

operation-login & performed_on==”GUI(10.1.1.100)” & user!=admin

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

operation-login & dstip==10.1.1.210 & userl-admin

operation-login & performed_on==”GUI(10.1.1.210)’ & user!=admin

Q102. Refer to the exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

FortiAnalyzerl and FortiAnalyzer3

FortiAnalyzer1 and FortiAnalyzer2

All devices listed can be members

FortiAnalyzer2 and FortiAnalyzer3

Q103. Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

Incidents dashboards

Threat hunting

FortiView Monitor

Outbreak alert services

Q104. Refer to the exhibit.

The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.
What can you conclude from the configuration displayed?