Fortinet NSE5_FAZ-6.4 Online Practice Questions and Exam Preparation
NSE5_FAZ-6.4 Exam Details
Exam Code: NSE5_FAZ-6.4
Exam Name: Fortinet NSE 5 - FortiAnalyzer 6.4
Certification: Fortinet Certifications
Vendor: Fortinet
Total Questions: 94 Q&As
Last Updated: May 31, 2026
Fortinet NSE5_FAZ-6.4 Online Questions & Answers
Question 51:
Consider the CLI command:
What is the purpose of the command?
A. To add a unique tag to each log to prove that it came from this FortiAnalyzer
B. To add the MD5 hash value and authentication code
C. To add a log file checksum
D. To encrypt log communications
Question 52:
FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days.
What is the most likely problem?
A. Quota enforcement is acting on analytical data before a report is complete
B. Logs are rolling before the report is run
C. CPU resources are too high
D. Disk utilization for archive logs is set for 15 days
Question 53:
Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)
A. ADOMs are enabled by default.
B. ADOMs constrain other administrators' access privileges to a subset of devices in the device list.
C. Once enabled, the Device Manager, FortiView, Event Management, and Reports tabs display per ADOM.
D. All administrators can create ADOMs, not just the admin administrator.

B. ADOMs constrain other administrators' access privileges to a subset of devices in the device list.
C. Once enabled, the Device Manager, FortiView, Event Management, and Reports tabs display per ADOM.
Question 54:
You need to upgrade your FortiAnalyzer firmware.
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
A. FortiAnalyzer uses log fetching to retrieve the logs when back online
B. FortiGate uses the miglogd process to cache the logs
C. The logfiled process stores logs in offline mode
D. Logs are dropped

B. FortiGate uses the miglogd process to cache the logs
Question 55:
What two things should an administrator do to view Compromised Hosts on FortiAnalyzer? (Choose two.)
A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
B. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer.
C. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up-to-date.
D. Make sure all endpoints are reachable by FortiAnalyzer.

B. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer.
C. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up-to-date.
Question 56:
Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
A. Report size will be optimized to conserve disk space on FortiAnalyzer.
B. Reports will be cached in the memory.
C. This feature is automatically enabled for scheduled reports.
D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

C. This feature is automatically enabled for scheduled reports.
D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.
Question 57:
What are two of the key features of FortiAnalyzer? (Choose two.)
A. Centralized log repository
B. Cloud-based management
C. Reports
D. Virtual domains (VDOMs)

A. Centralized log repository
C. Reports
Question 58:
What statements are true regarding FortiAnalyzer's treatment of high availability (HA) clusters? (Choose two.)
A. FortiAnalyzer distinguishes different devices by their serial number.
B. FortiAnalyzer receives logs from all devices in a cluster.
C. FortiAnalyzer receives logs only from the primary device in the cluster.
D. FortiAnalyzer only needs to know the serial number of the primary device in the cluster; it automatically discovers the other devices.

A. FortiAnalyzer distinguishes different devices by their serial number.
B. FortiAnalyzer receives logs from all devices in a cluster.
Question 59:
Refer to the exhibit.
What does the data point at 14:55 tell you?
A. The received rate is almost at its maximum for this device
B. The sqlplugind daemon is behind in log indexing by two logs
C. Logs are being dropped
D. Raw logs are reaching FortiAnalyzer faster than they can be indexed

D. Raw logs are reaching FortiAnalyzer faster than they can be indexed
Question 60:
For which two purposes would you use the command set log checksum? (Choose two.)
A. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
B. To prevent log modification or tampering
C. To encrypt log communications
D. To send an identical set of logs to a second logging server

A. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
B. To prevent log modification or tampering