Fortinet NSE 5 Network Security Analyst NSE5_FAZ-7.0 Questions & Answers

• Question 1:

  Which two statements are true regarding ADOM modes? (Choose two.)

  A. You can only change ADOM modes through CLI.

  B. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advance mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.

  C. In an advanced mode ADOM. you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

  D. Normal mode is the default ADOM mode.

  Correct Answer: CD

  Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMG- FAZ/0800_ADOMs/0400_ADOM%20Device%20Modes.htm

• Question 2:

  How does FortiAnalyzer retrieve specific log data from the database?

  A. SQL FROM statement

  B. SQL GET statement

  C. SQL SELECT statement

  D. SQL EXTRACT statement

  Correct Answer: C

  https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/137bb60e-ff37- 11e8-8524-f8bc1258b856/fortianalyzer-fortigate-sql-technote-40-mr2.pdf

• Question 3:

  What are offline logs on FortiAnalyzer?

  A. Compressed logs, which are also known as archive logs, are considered to be offline logs.

  B. When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

  C. Logs that are indexed and stored in the SQL database.

  D. Logs that are collected from offline devices after they boot up.

  Correct Answer: A

  Logs are received and saved in a log file on the FortiAnalyzer disks. Eventually, when the log file reaches a configured size, or at a set schedule, it is rolled over by being renamed. These files (rolled or otherwise) are known as archive logs

  and are considered offline so they don't offer immediate analytic support.

  Combined, they count toward the archive quota and retention limits, and they are deleted based on the ADOM data policy.

  FortiAnalyzer_7.0_Study_Guide-Online page 140

  Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6- 6/Content/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Arch ive_analytics_logs.htm

• Question 4:

  Which statement is true regarding Macros on FortiAnalyzer?

  A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.

  B. Macros are supported only on the FortiGate ADOM.

  C. Macros are useful in generating excel log files automatically based on the reports settings.

  D. Macros are predefined templates for reports and cannot be customized.

  Correct Answer: A

  FortiAnalyzer 7.0 Study Guide online page no: 283 Reference: https://docs2.fortinet.com/document/fortianalyzer/6.2.3/administration- guide/617380/creating-macros

• Question 5:

  What is the purpose of the following CLI command?

  

  A. To add a log file checksum

  B. To add the MD's hash value and authentication code

  C. To add a unique tag to each log to prove that it came from this FortiAnalyzer

  D. To encrypt log communications

  Correct Answer: A

  https://docs2.fortinet.com/document/fortianalyzer/6.0.3/cli- reference/849211/global

• Question 6:

  Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in your data policy. What is the most likely problem?

  A. The total disk space is insufficient and you need to add other disk.

  B. CPU resources are too high.

  C. The ADOM disk quota is set too low based on log rates.

  D. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

  Correct Answer: C

  https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG FAZ/1100_Storage/0017_Deleted%20device%20logs.htm https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration- guide/87802/automatic-deletion

• Question 7:

  By default, what happens when a log file reaches its maximum file size?

  A. FortiAnalyzer overwrites the log files.

  B. FortiAnalyzer stops logging.

  C. FortiAnalyzer rolls the active log by renaming the file.

  D. FortiAnalyzer forwards logs to syslog.

  Correct Answer: C

• Question 8:

  Which two statements are correct regarding the export and import of playbooks? (Choose two.)

  A. Playbooks can be exported and imported only within the same FortiAnalyzer.

  B. You can export only one playbook at a time.

  C. A playbook that was disabled when it was exported, will be disabled when it is imported.

  D. You can import a playbook even if there is another one with the same name in the destination.

  Correct Answer: CD

  D : If the imported playbook has the same name as an existing one, FortiAnalyzer will create a new name that includes a timestamp to avoid conflicts.

  C : Playbooks are imported with the same status they had (enabled or disabled) when they were exported. Playbooks set to run automatically should be exported while they are disabled to avoid unintended runs on the destination.

• Question 9:

  What are two advantages of setting up fabric ADOM? (Choose two.)

  A. It can be used for fast data processing and log correlation

  B. It can be used to facilitate communication between devices in same Security Fabric

  C. It can include all Fortinet devices that are part of the same Security Fabric

  D. It can include only FortiGate devices that are part of the same Security Fabric

  Correct Answer: AC

  All Fortinet devices in a Security Fabric can be placed into the same ADOM It allows for fast data processing and data correlation, also enables combined results to be presented in reports, FortiView, and more https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration- guide/448471/creating-a-security-fabric-adom

• Question 10:

  What FortiGate process caches logs when FortiAnalyzer is not reachable?

  A. logfiled

  B. sqlplugind

  C. oftpd

  D. miglogd

  Correct Answer: D

  Reference: https://forum.fortinet.com/tm.aspx?m=143106