Fortinet Fortinet Certifications NSE5_FAZ-7.0 Questions & Answers

• Question 41:

  For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

  A. Use DNS

  B. Use host name resolution

  C. Use real-time forwarding

  D. Use an NTP server

  Correct Answer: D

• Question 42:

  Consider the CLI command:

  

  What is the purpose of the command?

  A. To add a unique tag to each log to prove that it came from this FortiAnalyzer

  B. To add the MD5 hash value and authentication code

  C. To add a log file checksum

  D. To encrypt log communications

  Correct Answer: C

  set log-checksum md5 = record log file's MD5 hash value only.

  set log-checksum md5-auth = record log file's MD5 hash value and authentication code

• Question 43:

  View the exhibit:

  

  What does the 1000MB maximum for disk utilization refer to?

  A. The disk quota for the FortiAnalyzer model

  B. The disk quota for all devices in the ADOM

  C. The disk quota for each device in the ADOM

  D. The disk quota for the ADOM type

  Correct Answer: B

  https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration- guide/743670/configuring-log-storage-policy

• Question 44:

  On the RAID management page, the disk status is listed as Initializing.

  What does the status Initializing indicate about what the FortiAnalyzer is currently doing?

  A. FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

  B. FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

  C. FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

  D. FortiAnalyzer is functioning normally

  Correct Answer: C

  Reference:

  https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/4cb0dce6-dbef- 11e9-8977-00505692583a/FortiAnalyzer-5.6.10-Administration-Guide.pdf (40)

• Question 45:

  When you perform a system backup, what does the backup configuration contain? (Choose two.)

  A. Generated reports

  B. Device list

  C. Authorized devices logs

  D. System information

  Correct Answer: BD

  https://help.fortinet.com/fa/cli-olh/5-6- 5/Content/Document/1400_execute/backup.htm Reference: https://help.fortinet.com/fauth/5- 2/Content/Admin%20Guides/5_2%20Admin%20Guide/300/301_Dashboard.htm

• Question 46:

  What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?

  A. A FortiGate ADOM

  B. The FortiGate serial number

  C. A pre-shared key

  D. Valid FortiAnalyzer credentials

  Correct Answer: D

  This method requires that both FortiGate and FortiAnalyzer are running version 7.0.1 or higher. It is also required that the FortiGate administrator has valid credentials to log in on FortiAnalyzer and complete the registration. FortiAnalyzer_7.0_Study_Guide-Online pag. 93

• Question 47:

  Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

  A. Both modes, forwarding and aggregation, support encryption of logs between devices.

  B. In aggregation mode, you can forward logs to syslog and CEF servers as well.

  C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

  D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

  Correct Answer: AC

  Aggregation mode is only supported between two FortiAnalyer devices, so B is wrong.

  Forwarding is always in real time and does not ONLY forward to other FortiAnalyzer devices. It also forwards to Syslog/CEF. D is wrong. Answer is A and C.

• Question 48:

  You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed. What is the recommended method to replace the disk?

  A. Shut down FortiAnalyzer and then replace the disk

  B. Downgrade your RAID level, replace the disk, and then upgrade your RAID level

  C. Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

  D. Perform a hot swap

  Correct Answer: A

  

  https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on- FortiAnalyzer/ta-p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20know n%20as%20hot%20swapping

• Question 49:

  Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)

  A. Virtual domains

  B. Administrative access profiles

  C. Trusted hosts

  D. Security Fabric

  Correct Answer: BC

  Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration- guide/219292/administrator-profiles https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration- guide/581222/trusted-hosts

• Question 50:

  What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?

  A. Hot swap the disk.

  B. There is no need to do anything because the disk will self-recover.

  C. Run execute format disk to format and restart the FortiAnalyzer device.

  D. Shut down FortiAnalyzer and replace the disk

  Correct Answer: A

  Hardware RAID not software