Fortinet Fortinet Certifications NSE5_FAZ-7.0 Questions & Answers

• Question 71:

  A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer. What can you do on FortiAnalyzer to accomplish this?

  A. Click FortiView and generate a report for that administrator.

  B. Click Task Monitor and view the tasks performed by that administrator.

  C. Click Log View and generate a report for that administrator.

  D. View the tasks performed by the rogue administrator in Fabric View.

  Correct Answer: A

  Reference: https://docs.fortinet.com/document/fortimanager/6.4.1/administration- guide/792943/task-monitor

• Question 72:

  Which statement correctly describes the management extensions available on FortiAnalyzer?

  A. Management extensions do not require additional licenses.

  B. Management extensions may require a minimum number of CPU cores to run.

  C. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.

  D. Management extensions require a dedicated VM for best performance.

  Correct Answer: B

  Events in FortiAnalyzer will be in one of four statuses. The current status will determine if more actions need to be taken by the security team or not.

  The possible statuses are:

  Unhandled: The security event risk is not mitigated or contained, so it is considered open.

  Contained: The risk source is isolated.

  Mitigated: The security risk is mitigated by being blocked or dropped.

  (Blank): Other scenarios.

  FortiAnalyzer_7.0_Study_Guide-Online pag. 189.

• Question 73:

  Which daemon is responsible for enforcing the log file size?

  A. sqlplugind

  B. logfiled

  C. miglogd

  D. ofrpd

  Correct Answer: B

  Disk quota enforcement is performed by different processes:

  The logfiled process enforces the log file size and is also responsible for disk quota enforcement by monitoring the other processes.

  FortiAnalyzer_7.0_Study_Guide-Online pag. 121

• Question 74:

  What is Log Insert Lag Time on FortiAnalyzer?

  A. The number of times in the logs where end users experienced slowness while accessing resources.

  B. The amount of lag time that occurs when the administrator is rebuilding the ADOM database.

  C. The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.

  D. The amount of time FortiAnalyzer takes to receive logs from a registered device

  Correct Answer: C

• Question 75:

  What is the recommended method of expanding disk space on a FortiAnalyzer VM?

  A. From the VM host manager, add an additional virtual disk and use the #execute lvm extend command to expand the storage

  B. From the VM host manager, expand the size of the existing virtual disk

  C. From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk

  D. From the VM host manager, add an additional virtual disk and rebuild your RAID array

  Correct Answer: A

  https://kb.fortinet.com/kb/documentLink.do?externalID=FD40848

• Question 76:

  Refer to the exhibit.

  

  Which image corresponds to the packet capture shown in the exhibit?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: D

• Question 77:

  Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

  A. FROM

  B. LIMIT

  C. WHERE

  D. ORDER BY

  Correct Answer: A

  Select FROM... in any kind of database you must specify where you will get the data you are consulting, that's the FROM functionality... WHERE is just an aditional condition Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48500

• Question 78:

  An administrator fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mall server that can be used to send email. What could be the problem?

  A. Fortinet is assigned the Standard_ User administrator profile.

  B. A trusted host is configured.

  C. ADOM mode is configured with Advanced mode.

  D. Fortinet is assigned the Restricted_ User administrator profile.

  Correct Answer: A

• Question 79:

  In FortiAnalyzer's FormView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?

  A. Configure local DNS servers on FortiAnalyzer

  B. Resolve IPs on FortiGate

  C. Configure # set resolve-ip enable in the system FortiView settings

  D. Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

  Correct Answer: B

• Question 80:

  You've moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?

  A. FortiAnalyzer resets the disk quota of the new ADOM to default.

  B. FortiAnalyzer migrates archive logs to the new ADOM.

  C. FortiAnalyzer migrates analytics logs to the new ADOM.

  D. FortiAnalyzer removes logs from the old ADOM.

  Correct Answer: C

  When you move a device, only the archive logs (compressed logs) are migrated to the new ADOM. The analytics logs (indexed logs) stay in the old ADOM until you rebuild the database. https://kb.fortinet.com/kb/documentLink.do?externalID=FD40383