Fortinet NSE5_FAZ-7.0 Online Practice Questions and Exam Preparation

Fortinet NSE5_FAZ-7.0 Online Questions & Answers

• Question 91:

  For which two purposes would you use the command set log checksum? (Choose two.)

  A. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
  B. To prevent log modification or tampering
  C. To encrypt log communications
  D. To send an identical set of logs to a second logging server
  A. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
  B. To prevent log modification or tampering

  ---

  To prevent the log in the store from being modified, you can add a log checksum by using the config system global command. When the log is split, archived, and the log is uploaded (if the feature is enabled), you can configure the FortiAnalyzer to log the log file hash value, timestamp, and authentication code. This can help defend against man-in-the-middle attacks when uploading log transmission data from the FortiAnalyzer to the SFTP server.

• Question 92:

  Refer to the exhibit.

  

  What is the purpose of using the Chart Builder feature on FortiAnalyzer?

  A. In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.
  B. In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.
  C. This feature allows you to build a chart under FortiView.
  D. You can add charts to generated reports using this feature.
  A. In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

• Question 93:

  Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

  A. FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.
  B. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
  C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.
  D. FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.
  E. FortiAnalyzer HA implementation is supported by all cloud providers.
  B. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
  C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

  ---

  FortiAnalyzer HA implementation works only in networks where Virtual Router Redundancy Protocol (VRRP) is permitted. Therefore it may not be supported by some public cloud infrastructures. FortiAnalyzer_7.0_Study_Guide-Online pag. 60

• Question 94:

  What can the CLI command # diagnose test application oftpd 3 help you to determine?

  A. What devices and IP addresses are connecting to FortiAnalyzer
  B. What logs, if any, are reaching FortiAnalyzer
  C. What ADOMs are enabled and configured
  D. What devices are registered and unregistered
  A. What devices and IP addresses are connecting to FortiAnalyzer

  ---

  Device and ADOM Status Check

  diagnose test application oftpd 3 # Devices and IPs are connecting to FortiAnalyzer diagnose test application oftpd 8 # Receiving logs in FortiAnalyzre diagnose dvm adom list # ADOMs are enabled and configured diagnose dvm device list # Devices or VDOMs are currently registed and unregistered

  https://docs.fortinet.com/document/fortianalyzer/6.2.5/cli- reference/395556/test#test_application

• Question 95:

  Refer to the exhibit.

  

  Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

  A. Report size will be optimized to conserve disk space on FortiAnalyzer.
  B. Reports will be cached in the memory.
  C. This feature is automatically enabled for scheduled reports.
  D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.
  C. This feature is automatically enabled for scheduled reports.
  D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

• Question 96:

  What are offline logs on FortiAnalyzer?

  A. Compressed logs, which are also known as archive logs, are considered to be offline logs.
  B. When you restart FortiAnalyzer. all stored logs are considered to be offline logs.
  C. Logs that are indexed and stored in the SQL database.
  D. Logs that are collected from offline devices after they boot up.
  A. Compressed logs, which are also known as archive logs, are considered to be offline logs.

  ---

  Logs are received and saved in a log file on the FortiAnalyzer disks. Eventually, when the log file reaches a configured size, or at a set schedule, it is rolled over by being renamed. These files (rolled or otherwise) are known as archive logs

  and are considered offline so they don't offer immediate analytic support.

  Combined, they count toward the archive quota and retention limits, and they are deleted based on the ADOM data policy.

  FortiAnalyzer_7.0_Study_Guide-Online page 140

  Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6- 6/Content/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Arch ive_analytics_logs.htm

• Question 97:

  When you perform a system backup, what does the backup configuration contain? (Choose two.)

  A. Generated reports
  B. Device list
  C. Authorized devices logs
  D. System information
  B. Device list
  D. System information

  ---

  https://help.fortinet.com/fa/cli-olh/5-6- 5/Content/Document/1400_execute/backup.htm Reference: https://help.fortinet.com/fauth/5- 2/Content/Admin%20Guides/5_2%20Admin%20Guide/300/301_Dashboard.htm

• Question 98:

  For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

  A. Use DNS
  B. Use host name resolution
  C. Use real-time forwarding
  D. Use an NTP server
  D. Use an NTP server

• Question 99:

  Which statement correctly describes the management extensions available on FortiAnalyzer?

  A. Management extensions do not require additional licenses.
  B. Management extensions may require a minimum number of CPU cores to run.
  C. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
  D. Management extensions require a dedicated VM for best performance.
  B. Management extensions may require a minimum number of CPU cores to run.

  ---

  Events in FortiAnalyzer will be in one of four statuses. The current status will determine if more actions need to be taken by the security team or not.

  The possible statuses are:

  Unhandled: The security event risk is not mitigated or contained, so it is considered open.

  Contained: The risk source is isolated.

  Mitigated: The security risk is mitigated by being blocked or dropped.

  (Blank): Other scenarios.

  FortiAnalyzer_7.0_Study_Guide-Online pag. 189.

• Question 100:

  Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)

  A. By deploying different FortiAnalyzer devices in both modes, you can improve their overall performance.
  B. When in collector mode. FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
  C. When in collector mode. FortiAnalyzer supports event management and reporting features.
  D. By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting
  E. Collector mode is the default operating mode.
  A. By deploying different FortiAnalyzer devices in both modes, you can improve their overall performance.
  B. When in collector mode. FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.

  ---

  FortiAnalyzer_7.0_Study_Guide-Online pag. 10