Fortinet nse5-faz-7-2 practice test
fortianalyzer 7.2 analyst
Last exam update: Oct 15 ,2024
Question 1
Which two methods can you use to send notifications when an event occurs that matches a configured event handier? (Choose two.)
- A. Send Alert through Fabric Connectors
- B. Send Alert through FortiSIEM MEA
- C. Send SNMP trap
- D. Send SMS notification
Answer:
ac
Question 2
What must you consider when using log fetching? (Choose two.)
- A. The fetch client can retrieve logs from devices that are not added to its local Device Manager.
- B. You can use filters to include only logs from a single device.
- C. The fetching profile must include a user with the Super_User profile.
- D. The archive logs retrieved from the server become archive logs in the client.
Answer:
ab
Question 3
Refer to the exhibit.
What is the purpose of using the Chart Builder feature on FortiAnalyzer?
- A. To add a new chart under FortiView to be used in new reports
- B. To build a dataset and chart automatically, based on the filtered search results
- C. To add charts directly to generate reports in the current ADOM
- D. To build a chart automatically based on the top 100 log entries
Answer:
b
Question 4
Which two statements are true regarding the outbreak detection service? (Choose two.)
- A. New alerts are received by email.
- B. Outbreak alerts are available on the root ADOM only.
- C. An additional license is required.
- D. It automatically downloads new event handlers and reports.
Answer:
cd
Question 5
Why must you wait for several minutes before you run a playbook that you just created?
- A. FortiAnalyzer needs that time to parse the new playbook.
- B. FortiAnalyzer needs that time to back up the current playbooks.
- C. FortiAnalyzer needs that time to ensure there are no other playbooks running.
- D. FortiAnalyzer needs that time to debug the new playbook.
Answer:
a
Question 6
Which log will generate an event with the status Contained?
- A. An IPS log with action=pass.
- B. AWebFilter log with action=dropped.
- C. An AV log with action=quarantine.
- D. An AppControl log with action=blocked.
Answer:
c
Question 7
Which statement about the FortiSIEM management extension is correct?
- A. Allows you to manage the entire life cycle of a threat or breach.
- B. Its use of the available disk space is capped at 50%.
- C. It requires a licensed FortiSIEM supervisor.
- D. It can be installed as a dedicated VM.
Answer:
c
Question 8
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
- A. Outbreak alert services
- B. FortiView Monitor
- C. Threat hunting
- D. Incidents dashboard
Answer:
c
Question 9
Which statement describes archive logs on FortiAnalyzer?
- A. Logs compressed and saved in files with the .gz extension
- B. Logs a FortiAnalyzer administrator can access in FortiView
- C. Logs that are indexed and stored in the SQL database
- D. Logs previously collected from devices that are offline
Answer:
a
Question 10
Refer to the exhibit.
Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than admin, and coming from Laptop1.
Which filter will achieve the desired result?
- A. operation~login & dstip==10.1.1.210 & user!~admin
- B. operation~login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
- C. operation~login & performed_on=="GUI(10.1.1.210)" & user!=admin
- D. operation~login & performed_on=="GUI(10.1.1.100)" & user!=admin
Answer:
d