Fortinet NSE5_FAZ-7.2 Online Practice Questions and Exam Preparation

Fortinet NSE5_FAZ-7.2 Online Questions & Answers

• Question 21:

  How can you attach a report to an incident?

  A. By attaching it to an event handler alert
  B. By editing the settings of the desired report
  C. From the properties of an existing incident
  D. Saving it in JSON format, and then importing it
  C. From the properties of an existing incident

• Question 22:

  Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)

  A. Virtual domains
  B. Administrative access profiles
  C. Trusted hosts
  D. Security Fabric
  B. Administrative access profiles
  C. Trusted hosts

• Question 23:

  What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

  A. The endpoint is marked as Compromised and. optionally, can be put in quarantine.
  B. FortiAnalyzer flags the associated host for further analysis.
  C. A new Infected entry is added for the corresponding endpoint.
  D. The detection engine classifies those logs as Suspicious
  C. A new Infected entry is added for the corresponding endpoint.

• Question 24:

  What is the purpose of trigger variables?

  A. To display statistics about the playbook runtime
  B. To use information from the trigger to filter the action in a task
  C. To provide the trigger information to make the playbook start running
  D. To store the start times of playbooks with On_Schedule triggers
  A. To display statistics about the playbook runtime

• Question 25:

  Refer to the exhibit.

  

  What does the data point at 12:20 indicate?

  A. The performance of FortiAnalyzer is below the baseline.
  B. FortiAnalyzer is using its cache to avoid dropping logs.
  C. The log insert lag time is increasing.
  D. The sqlplugind service is caught up with new logs.
  D. The sqlplugind service is caught up with new logs.

• Question 26:

  Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)

  A. System information
  B. Logs from registered devices
  C. Report information
  D. Database snapshot
  A. System information
  C. Report information

• Question 27:

  FortiAnalyzer uses the Optimized Fabric Transfer Protocok (OFTP) over SSL for what purpose?

  A. To upload logs to an SFTP server
  B. To prevent log modification during backup
  C. To send an identical set of logs to a second logging server
  D. To encrypt log communication between devices
  D. To encrypt log communication between devices

• Question 28:

  Which daemon is responsible for enforcing raw log file size?

  A. logfiled
  B. oftpd
  C. sqlplugind
  D. miglogd
  A. logfiled

• Question 29:

  What is the purpose of a predefined template on the FortiAnalyzer?

  A. It can be edited and modified as required
  B. It specifies the report layout which contains predefined texts, charts, and macros
  C. It specifies report settings which contains time period, device selection, and schedule
  D. It contains predefined data to generate mock reports
  B. It specifies the report layout which contains predefined texts, charts, and macros

• Question 30:

  Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in your data policy. What is the most likely problem?

  A. The total disk space is insufficient and you need to add other disk.
  B. CPU resources are too high.
  C. The ADOM disk quota is set too low based on log rates.
  D. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.
  C. The ADOM disk quota is set too low based on log rates.