NSE5_FAZ-7.0 Online Practice Questions and Answers

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

A. Antivirus logs

B. Web filter logs

C. IPS logs

D. Application control logs

The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device. What can be the reason for this failure?

A. FortiAnalyzer is in an HA cluster.

B. ADOM mode should be set to advanced, in order to register the FortiClient EMS device.

C. ADOMs are not enabled on FortiAnalyzer.

D. A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.

If you upgrade the FortiAnalyzer firmware, which report element can be affected?

A. Custom datasets

B. Report scheduling

C. Report settings

D. Output profiles

Which two statements are true regarding fabric connectors? (Choose two.)

A. Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more efficient than third-party information from the FortiAnalyzer API.

B. Fabric connectors allow to save storage costs and improve redundancy.

C. Storage connector service does not require a separate license to send logs to cloud platform.

D. Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3, Azure Blob , and Google Cloud.

What is the purpose of employing RAID with FortiAnalyzer?

A. To introduce redundancy to your log data

B. To provide data separation between ADOMs

C. To separate analytical and archive data

D. To back up your logs

Refer to the exhibit.

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

A. Report size will be optimized to conserve disk space on FortiAnalyzer.

B. Reports will be cached in the memory.

C. This feature is automatically enabled for scheduled reports.

D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

A. In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B. In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

C. This feature allows you to build a chart under FortiView.

D. You can add charts to generated reports using this feature.

What is Log Insert Lag Time on FortiAnalyzer?

A. The number of times in the logs where end users experienced slowness while accessing resources.

B. The amount of lag time that occurs when the administrator is rebuilding the ADOM database.

C. The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.

D. The amount of time FortiAnalyzer takes to receive logs from a registered device

When you perform a system backup, what does the backup configuration contain? (Choose two.)

A. Generated reports

B. Device list

C. Authorized devices logs

D. System information

What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

A. All FortiGates can send logs to FortiAnalyzer using the store and upload option.

B. Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

C. Both secure communications methods (SSL and IPsec) allow the store and upload option.

D. Disk logging is enabled on the FortiGate through the CLI only.

E. Disk logging is enabled by default on the FortiGate.

What two things should an administrator do to view Compromised Hosts on FortiAnalyzer? (Choose two.)

A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.

B. Make sure all endpoints are reachable by FortiAnalyzer.

C. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.

D. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.

How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?

A. Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

B. Configure # set resolve-ip enable in the system FortiView settings

C. Configure local DNS servers on FortiAnalyzer

D. Resolve IP addresses on FortiGate

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

A. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

B. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

C. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

By default, what happens when a log file reaches its maximum file size?

A. FortiAnalyzer overwrites the log files.

B. FortiAnalyzer stops logging.

C. FortiAnalyzer rolls the active log by renaming the file.

D. FortiAnalyzer forwards logs to syslog.

How does FortiAnalyzer retrieve specific log data from the database?

A. SQL FROM statement

B. SQL GET statement

C. SQL SELECT statement

D. SQL EXTRACT statement