Pass the Fortinet NSE 5 Network Security Analyst NSE5_FAZ-7.2 Questions and answers with CertsForce

Viewing page 3 out of 5 pages
Viewing questions 21-30 out of questions
Question # 21:

Which two methods are most commonly used to control and restrict administrative access on FortiAnalyzer? (Choose two.)

Options:

A. Virtual domains
B. Administrative access profiles
C. Trusted hosts
D. Security Fabric

Question # 22:

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

Options:

A. The endpoint is marked as Compromised and, optionally, can be put in quarantine.
B. FortiAnalyzer flags the associated host for further analysis.
C. A new Infected entry is added for the corresponding endpoint.
D. The detection engine classifies those logs as Suspicious.

Question # 23:

Refer to the exhibit.

[Exhibit: Question # 23 (image not reproduced on this page)]

What does the data point at 12:20 indicate?

Options:

A. The performance of FortiAnalyzer is below the baseline.
B. FortiAnalyzer is using its cache to avoid dropping logs.
C. The log insert lag time is increasing.
D. The sqlplugind service is caught up with new logs.

Question # 24:

What can you do on FortiAnalyzer to restrict administrative access from specific locations?

Options:

A. Configure trusted hosts for that administrator.
B. Enable geo-location services on the accessible interface.
C. Configure two-factor authentication with a remote RADIUS server.
D. Configure an ADOM for the respective location.

Question # 25:

How are logs forwarded when FortiAnalyzer is using aggregation mode?

Options:

A. Logs are forwarded as they are received and content files are uploaded at a scheduled time.
B. Logs and content files are stored and uploaded at a scheduled time.
C. Logs are forwarded as they are received.
D. Logs and content files are forwarded as they are received.

Question # 26:

A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails. What will be the status of the playbook after it is run?

Options:

A. Running
B. Failed
C. Upstream_failed
D. Success

Question # 27:

Which two statements about log forwarding are true? (Choose two.)

Options:

A. Forwarded logs cannot be filtered to match specific criteria.
B. Logs are forwarded in real-time only.
C. The client retains a local copy of the logs after forwarding.
D. You can use aggregation mode only with another FortiAnalyzer.

Question # 28:

If you upgrade the FortiAnalyzer firmware, which report element can be affected?

Options:

A. Custom datasets
B. Report scheduling
C. Report settings
D. Output profiles

Question # 29:

How can you configure FortiAnalyzer to permit administrator logins from only specific locations?

Options:

A. Use static routes
B. Use administrative profiles
C. Use trusted hosts
D. Use secure protocols

Question # 30:

Refer to the exhibit.

[Exhibit: Question # 30 (image not reproduced on this page)]

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.

Which filter will achieve the desired result?

Options:

A. operation-login & dstip==10.1.1.210 & user!-admin
B. operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
C. operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin
D. operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin
