NSE5_FAZ-7.2 PDF Pass Leader, NSE5_FAZ-7.2 Latest Real Test [Q25-Q44]

Q25. An administrator has moved FortiGate A from the root ADOM to ADOM1.
Which two statements are true regarding logs? (Choose two.)

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

Logs will be presented in both ADOMs immediately after the move.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Q26. Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

FROM

LIMIT

WHERE

ORDER BY

Q27. What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)

The size of newly generated reports is optimized to conserve disk space.

FortiAnalyzer local cache is used to store generated reports.

When new logs are received, the hard-cache data is updated automatically.

The generation time for reports is decreased.

Q28. Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?

To properly correlate logs

To use real-time forwarding

To resolve host names

To improve DNS response times

Q29. Refer to the exhibit.

The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.
Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)

It creates a wildcard administrator using LDAP and RADIUS servers.

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

It allows administrators to use two-factor authentication.

Q30. For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

Use DNS

Use host name resolution

Use real-time forwarding

Use an NTP server

Q31. Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in your data policy. What is the most likely problem?

The total disk space is insufficient and you need to add other disk.

CPU resources are too high.

The ADOM disk quota is set too low based on log rates.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Q32. Which statement correctly describes the management extensions available on FortiAnalyzer?

Management extensions do not require additional licenses.

Management extensions allow FortiAnalyzer to act as a ForbSIEM supervisor.

Management extensions require a dedicated VM for best performance.

Management extensions may require a minimum number of CPU cores to run.

Q33. What FortiView tool can you use to automatically build a dataset and chart based on a filtered search result?

Chart Builder

Export to Report Chart

Dataset Library

Custom View

Q34. What FortiGate process caches logs when FortiAnalyzer is not reachable?

logfiled

sqlplugind

oftpd

miglogd

Q35. An administrator has configured the following settings:
config system global
set log-checksum md5-auth
end
What is the significance of executing this command?

This command records the log file MD5 hash value.

This command records passwords in log files and encrypts them.

This command encrypts log transfer between FortiAnalyzer and other devices.

This command records the log file MD5 hash value and authentication code.

Q36. You need to upgrade your FortiAnalyzer firmware.
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?

FortiAnalyzer uses log fetching to retrieve the logs when back online

FortiGate uses the miglogd process to cache the logs

The logfiled process stores logs in offline mode

Logs are dropped

Q37. How can you attach a report to an incident?

By attaching it to an event handler alert

By editing the settings of the desired report

From the properties of an existing incident

Saving it in JSON format, and then importing it

Q38. Refer to the exhibit.

The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.
What can you conclude from the configuration displayed?

This FortiAnalyzer will join to the existing HA cluster as the primary.

This FortiAnalyzer is configured to receive logs in its port1.

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

After joining to the cluster, this FortiAnalyzer will keep an updated log database.

Q39. What is the purpose of output variables?

To store playbook execution statistics

To use the output of the previous task as the input of the current task

To display details of the connectors used by a playbook

To save all the task settings when a playbook is exported

Q40. What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

FortiAnalyzer flags the associated host for further analysis.

A new Infected entry is added for the corresponding endpoint.

The detection engine classifies those logs as Suspicious

Q41. Refer to the exhibits.

How many events will be added to the incident created after running this playbook?

Ten events will be added.

No events will be added.

Five events will be added.

Thirteen events will be added.

Q42. Refer to the exhibit.

Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than “admin” and coming from Laptop1:
Which filter will achieve the desired result?

operation-login & performed_on==”GUI(10.1.1.100)” & user!=admin

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

operation-login & dstip==10.1.1.210 & userl-admin

operation-login & performed_on==”GUI(10.1.1.210)’ & user!=admin

Q43. What statements are true regarding disk log quota? (Choose two)

The FortiAnalyzer stops logging once the disk log quota is met.

The FortiAnalyzer automatically sets the disk log quota based on the device.

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Q44. How do you restrict an administrator’s access to a subset of your organization’s ADOMs?

Set the ADOM mode to Advanced

Assign the ADOMs to the administrator’s account

Configure trusted hosts

Assign the default Super_User administrator profile

Related posts:

admin

You might also like

Leave a Reply Cancel reply