Spring Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Fortinet
NSE 5 Network Security Analyst
NSE5_FAZ-7.2
Fortinet NSE 5 - FortiAnalyzer 7.2 Questions and Answers

Pass the Fortinet NSE 5 Network Security Analyst NSE5_FAZ-7.2 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam NSE5_FAZ-7.2 Premium Access

View all detail and faqs for the NSE5_FAZ-7.2 exam

Go to Exam

746 Students Passed

92% Average Score

94% Same Questions

Viewing page 3 out of 5 pages

Viewing questions 21-30 out of questions

Questions # 21:

What remote authentication servers can you configure to validate your FortiAnalyzer administrator logons? (Choose three)

Options:

RADIUS

Local

LDAP

PKI

TACACS+

Answer

A, C, E

Questions # 22:

Which two statements are true regarding the outbreak detection service? (Choose two.)

Options:

New alerts are received by email.

Outbreak alerts are available on the root ADOM only.

An additional license is required.

It automatically downloads new event handlers and reports.

Answer

C, D

Questions # 23:

What are offline logs on FortiAnalyzer?

Options:

Compressed logs, which are also known as archive logs, are considered to be offline logs.

When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

Logs that are indexed and stored in the SQL database.

Logs that are collected from offline devices after they boot up.

Answer

Explanation

[Reference:https://help.fortinet.com/fa/faz50hlp/56/5-6-6/Content/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Archive_analytics_logs.htm, Logs are received and saved in a log file on the FortiAnalyzer disks. Eventually, when the log file reaches a configured size, or at a set schedule, it is rolled over by being renamed. These files (rolled or otherwise) are known as archive logs and are considered offline so they don’t offer immediate analytic support. Combined, they count toward the archive quota and retention limits, and they are deleted based on the ADOM data policy. FortiAnalyzer_7.0_Study_Guide-Online page 140, ]

Questions # 24:

By default, what happens when a log file reaches its maximum file size?

Options:

FortiAnalyzer overwrites the log files.

FortiAnalyzer stops logging.

FortiAnalyzer rolls the active log by renaming the file.

FortiAnalyzer forwards logs to syslog.

Answer

Questions # 25:

In FortiAnalyzer’s FormView, source and destination IP addresses from FortiGate devices are not resolving to

a hostname. How can you resolve the source and destination IPs, without introducing any additional

performance impact to FortiAnalyzer?

Options:

Configure local DNS servers on FortiAnalyzer

Resolve IPs on FortiGate

Configure # set resolve-ip enable in the system FortiView settings

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Answer

Questions # 26:

After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the

purpose of running the following CLI command?

execute sql-local rebuild-adom

Options:

To reset the disk quota enforcement to default

To remove the analytics logs of the device from the old database

To migrate the archive logs to the new ADOM

To populate the new ADOM with analytical logs for the moved device, so you can run reports

Answer

Explanation

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 128: Are the device analytics logs required for reports in the new ADOM? If so, rebuild the new ADOM database

Questions # 27:

Refer to the exhibit.

Question # 27

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

Options:

Report size will be optimized to conserve disk space on FortiAnalyzer.

Reports will be cached in the memory.

This feature is automatically enabled for scheduled reports.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Answer

C, D

Explanation

"Enable auto-cache in the report settings to boost the reporting performance and reduce report generation time. Scheduled reports have auto-cache enabled already."

FortiAnalyzer_7.0_Study_Guide-Online page 306

Questions # 28:

When you perform a system backup, what does the backup configuration contain? (Choose two.)

Options:

Generated reports

Device list

Authorized devices logs

System information

Answer

B, D

Explanation

https://help.fortine t.com/fa/cli-olh/5-6-5/Content/Document/1400_execute/backup.htm

[Reference:https://help.fortinet.com/fauth/5-2/Content/Admin%20Guides/5_2%20Admin%20Guide/300/301_Dashboard.htm, , , ]

Questions # 29:

Refer to the exhibit.

Question # 29

The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.

What can you conclude from the configuration displayed?

Options:

This FortiAnalyzer will join to the existing HA cluster as the primary.

This FortiAnalyzer is configured to receive logs in its port1.

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

After joining to the cluster, this FortiAnalyzer will keep an updated log database.

Answer

Explanation

"If the preferred role is Primary, then this unit becomes the primary unit if it is configured first in a new HA cluster. If there is an existing primary unit, then this unit becomes a secondary unit."(https://docs.fortinet.com/document/fortianalyzer/7.0.5/administration-guide/275104 )

Questions # 30:

Refer to the exhibit.

Question # 30