[Dec 11, 2023] Pass NSE 5 Network Security Analyst NSE5_FAZ-7.2 Exam With 138 Questions [Q80-Q98]


Ultimate Guide to Preparing with Free Fortinet NSE5_FAZ-7.2 Exam Questions and Answers


The Fortinet NSE 5 - FortiAnalyzer 7.2 Analyst certification is aimed at IT professionals who work with FortiAnalyzer daily and want to deepen their skills, and at those who want to advance a network security career by demonstrating verified FortiAnalyzer expertise.


NEW QUESTION # 80
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

  • A. Antivirus logs
  • B. Application control logs
  • C. Web filter logs
  • D. IPS logs

Answer: C

Explanation:
The Compromised Hosts page (the indicators of compromise feature) works by matching the destinations recorded in web filter logs against the FortiGuard IOC threat database, so web filter logging must be enabled on the FortiGate for hosts to be identified.
Reference: FortiAnalyzer Administration Guide, FortiView > Using FortiView > Compromised hosts page (FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm)


NEW QUESTION # 81
You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed.
What is the recommended method to replace the disk?

  • A. Perform a hot swap
  • B. Downgrade your RAID level, replace the disk, and then upgrade your RAID level
  • C. Shut down FortiAnalyzer and then replace the disk
  • D. Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

Answer: C

Explanation:
FortiAnalyzer models with software RAID do not support hot swapping: shut the unit down, replace the failed disk, power it back on and let the array rebuild. Replacing a failed disk while the unit is running is only supported on models with a hardware RAID controller.
https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on-FortiAnalyzer/ta-p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20known%20as%20hot%20swapping


NEW QUESTION # 82
Refer to the exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1.
Which filter will achieve the desired result?

  • A. operation==login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
  • B. operation==login & performed_on=="GUI(10.1.1.210)" & user!=admin
  • C. operation==login & performed_on=="GUI(10.1.1.100)" & user!=admin
  • D. operation==login & dstip==10.1.1.210 & user!=admin

Answer: C

Explanation:
FortiAnalyzer local event logs record where an administrative session came from in the performed_on field, written as GUI(<source IP>) for web-interface logins, so the filter has to test performed_on. The generic text filter combines clauses with & (AND) and supports ==, !=, ~ (contains) and !~ (does not contain). Option C keeps only login operations from Laptop1's address (10.1.1.100 per the answer key) by any account other than admin. Options A and D filter on srcip/dstip instead of performed_on, and A also keeps only the admin account rather than excluding it; option B keys on the wrong address. The same field is used in the lab exercise that asks for a filter of failed logins from any location other than the local computer: "Add the text performed_on!~10.0.1.10. This includes any attempts coming from devices with an IP address that is not the one configured on the Local-Client computer."
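To make the difference between the four filters concrete, here is an added example (not code from the exam page or from Fortinet): a small evaluator for the generic text filter syntax (==, !=, ~, !~ joined by &), run over constructed FortiAnalyzer-style event-log lines. The log lines, user names and addresses are made up; the field names follow FortiAnalyzer event logs. The evaluator treats a field that is absent from a log line as empty, which is this example's own choice.

```python
"""Added example (not from the exam page or Fortinet): evaluate FortiAnalyzer
generic-text-filter expressions over constructed event-log lines."""
import re
import shlex

# Constructed FortiAnalyzer-style local event logs (key=value); not real data.
SAMPLE_LOGS = [
    'itime=1700000001 user="admin" operation="login" performed_on="GUI(10.1.1.100)" status="success"',
    'itime=1700000002 user="alice" operation="login" performed_on="GUI(10.1.1.100)" status="failure"',
    'itime=1700000003 user="bob" operation="login" performed_on="GUI(10.1.1.100)" status="success"',
    'itime=1700000004 user="carol" operation="login" performed_on="GUI(10.1.1.210)" status="success"',
    'itime=1700000005 user="alice" operation="logout" performed_on="GUI(10.1.1.100)" status="success"',
]

# The four filters from the question.
CANDIDATES = {
    "A": 'operation==login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin',
    "B": 'operation==login & performed_on=="GUI(10.1.1.210)" & user!=admin',
    "C": 'operation==login & performed_on=="GUI(10.1.1.100)" & user!=admin',
    "D": 'operation==login & dstip==10.1.1.210 & user!=admin',
}

# field, operator, value; the two-character operators are listed before ~ so the
# regex picks the longest operator first
CLAUSE = re.compile(r'^\s*(\w+)\s*(==|!=|!~|~)\s*(.*?)\s*$')


def parse_log(line):
    """Split a key=value log line into a dict; shlex handles the quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def parse_filter(text):
    """Turn 'a==1 & b!~x' into [(field, op, value), ...]; quotes around values are dropped."""
    clauses = []
    for part in text.split("&"):
        m = CLAUSE.match(part)
        if not m:
            raise ValueError(f"unrecognised filter clause: {part!r}")
        field, op, value = m.groups()
        clauses.append((field, op, value.strip("\"'")))
    return clauses


def matches(fields, clauses):
    """All clauses must hold (& is AND). A field absent from the log is treated as empty,
    so == against a field the log does not carry (srcip, dstip here) never matches."""
    for field, op, value in clauses:
        actual = fields.get(field, "")
        if op == "==":
            ok = actual == value
        elif op == "!=":
            ok = actual != value
        elif op == "~":
            ok = value in actual
        else:  # "!~"
            ok = value not in actual
        if not ok:
            return False
    return True


def apply_filter(text, logs=SAMPLE_LOGS):
    """Return the user names of the log lines that the filter keeps, in log order."""
    clauses = parse_filter(text)
    return [parse_log(line)["user"] for line in logs if matches(parse_log(line), clauses)]


def compare_candidates():
    """Run each of the question's four filters over the sample logs."""
    return {label: apply_filter(flt) for label, flt in CANDIDATES.items()}


if __name__ == "__main__":
    for label, users in compare_candidates().items():
        print(label, users)
```

Running it shows only filter C returning the non-admin logins from 10.1.1.100 (alice and bob); B returns carol from the other address, and A and D match nothing because the sample event logs carry no srcip/dstip fields. The lab filter quoted above, performed_on!~10.1.1.100, keeps only carol's login from elsewhere.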


NEW QUESTION # 83
What is the purpose of a dataset query in FortiAnalyzer?

  • A. It injects log data into the database
  • B. It extracts the database schema
  • C. It retrieves log data from the database
  • D. It sorts log data into tables

Answer: C
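As an added example (not Fortinet code), here is a FortiAnalyzer-style dataset query run against an in-memory SQLite table standing in for the log database. FortiAnalyzer datasets are SQL in which the $log macro expands to the log table of the report's log type and the $filter macro to the report's device and time filter; the macro expansion, the table name log_traffic and the traffic rows below are this example's own construction (FortiAnalyzer itself uses PostgreSQL).

```python
"""Added example (not Fortinet code): a dataset query retrieving log data from a
stand-in SQLite log database, with $log/$filter macro expansion done by hand."""
import sqlite3

# Constructed traffic-log rows: (srcip, dstip, sentbyte, rcvdbyte, action). Not real data.
TRAFFIC_ROWS = [
    ("10.0.1.10", "8.8.8.8", 1000, 5000, "accept"),
    ("10.0.1.10", "1.1.1.1", 2000, None, "accept"),   # NULL rcvdbyte: coalesce() keeps the sum sane
    ("10.0.1.20", "93.184.216.34", 500, 1500, "accept"),
    ("10.0.1.30", "10.0.0.1", 0, 0, "deny"),
    ("10.0.1.20", "93.184.216.34", 3000, 9000, "accept"),
]

# A "top sources by bandwidth" dataset written the way FortiAnalyzer datasets are.
DATASET_SQL = """
select srcip,
       sum(coalesce(sentbyte, 0) + coalesce(rcvdbyte, 0)) as bandwidth
from $log
where $filter
group by srcip
order by bandwidth desc
limit 10
"""


def build_log_db():
    """Create the stand-in log table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table log_traffic "
        "(srcip text, dstip text, sentbyte integer, rcvdbyte integer, action text)"
    )
    conn.executemany("insert into log_traffic values (?, ?, ?, ?, ?)", TRAFFIC_ROWS)
    return conn


def expand_macros(sql, log_table, filter_clause):
    """Stand-in for the macro expansion FortiAnalyzer performs before running a dataset."""
    return sql.replace("$log", log_table).replace("$filter", filter_clause)


def run_dataset(filter_clause="1 = 1"):
    """Retrieve (srcip, bandwidth) rows. A dataset only reads the database; it never
    injects logs or changes the schema."""
    conn = build_log_db()
    try:
        sql = expand_macros(DATASET_SQL, "log_traffic", filter_clause)
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    print(run_dataset())                      # every source, including the denied one
    print(run_dataset("action = 'accept'"))   # only accepted sessions
```

The $filter macro is where the report's time range and device selection land at run time; the second call shows the same dataset narrowed to accepted sessions. Dataset SQL is administrator-controlled input on FortiAnalyzer; in tooling of your own, pass values as query parameters rather than splicing them into the text as this stand-in does.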


NEW QUESTION # 84
You created a playbook on FortiAnalyzer that uses a FortiOS connector.
When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?

  • A. Incoming webhook
  • B. FortiOS Event Log
  • C. FortiAnalyzer Event Handler
  • D. Fabric Connector event

Answer: A

Explanation:
One possible scenario from the study guide:
1. Traffic flows through the FortiGate.
2. FortiGate sends logs to FortiAnalyzer.
3. FortiAnalyzer detects suspicious traffic and generates an event.
4. The event triggers a playbook in FortiAnalyzer, which sends a webhook call to FortiGate so that it runs an automation stitch.
5. FortiGate runs the automation stitch with the corrective or preventive actions.
(FortiAnalyzer 7.0 Study Guide, page 228.) To see the actions related to the FortiOS connector, you must enable an automation stitch that uses the Incoming Webhook Call trigger on the FortiGate side (FortiAnalyzer 7.0 Study Guide, page 233).
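Step 4 of that scenario, the webhook call from the playbook to the FortiGate, as an added example (not code from the page, the Fortinet study guide or FortiOS). A local HTTP server stands in for the FortiGate so the exchange runs offline and both sides' messages are visible. The endpoint form /api/v2/monitor/system/automation-stitch/webhook/<stitch name> and the Authorization: Bearer <token> header follow the FortiOS incoming-webhook documentation, so check them against your firmware's API reference; the stitch name, token, addresses and event data are made up.

```python
"""Added example (not from the page, Fortinet or FortiOS): the FortiAnalyzer playbook
to FortiGate incoming-webhook exchange, with a stand-in FortiGate on loopback."""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

WEBHOOK_PATH = "/api/v2/monitor/system/automation-stitch/webhook/"
API_TOKEN = "example-rest-api-token"      # assumption: REST API admin token created on the FortiGate
KNOWN_STITCHES = {"faz-quarantine-host"}  # assumption: a stitch whose trigger is "Incoming Webhook"
received = []                             # calls the stand-in FortiGate accepted


class FakeFortiGate(BaseHTTPRequestHandler):
    """Minimal stand-in for the FortiGate side of the exchange."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = json.loads(self.rfile.read(length) or b"{}")
        stitch = self.path[len(WEBHOOK_PATH):]
        # A real FortiGate checks the token against a REST API admin (and its trusted hosts).
        if self.headers.get("Authorization") != f"Bearer {API_TOKEN}":
            return self._reply(401)
        # Only stitches that use an Incoming Webhook trigger are reachable on this path.
        if not self.path.startswith(WEBHOOK_PATH) or stitch not in KNOWN_STITCHES:
            return self._reply(404)
        received.append({"stitch": stitch, "body": body})
        self._reply(200)

    def _reply(self, code):
        data = json.dumps({"http_status": code}).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def call_stitch(base_url, stitch, token, event):
    """FortiAnalyzer side: the FortiOS connector's 'run stitch' action as one HTTP POST.
    Returns the HTTP status the FortiGate answered with."""
    req = Request(
        base_url + WEBHOOK_PATH + stitch,
        data=json.dumps(event).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urlopen(req) as resp:  # production: HTTPS, with the FortiGate certificate verified
            return resp.status
    except HTTPError as err:
        return err.code


def run_demo():
    """Play the exchange three ways and return (status codes, what the FortiGate accepted)."""
    received.clear()
    server = HTTPServer(("127.0.0.1", 0), FakeFortiGate)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    event = {"srcip": "10.0.1.10", "event": "Compromised host detected"}  # constructed playbook data
    results = {
        "ok": call_stitch(base, "faz-quarantine-host", API_TOKEN, event),
        "bad_token": call_stitch(base, "faz-quarantine-host", "wrong-token", event),
        "unknown_stitch": call_stitch(base, "no-such-stitch", API_TOKEN, event),
    }
    server.shutdown()
    server.server_close()
    return results, list(received)


if __name__ == "__main__":
    print(run_demo())
```

The three calls show the checks that matter on the FortiGate side: the bearer token must belong to a REST API administrator, and the stitch must exist with an Incoming Webhook trigger, which is why the question's answer is that trigger type and not an event-log or fabric trigger. Restrict that administrator's trusted hosts to the FortiAnalyzer address so a leaked token cannot be used from elsewhere.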


NEW QUESTION # 85
FortiAnalyzer centralizes which functions? (Choose three.)

  • A. Graphical reporting
  • B. Vulnerability assessment
  • C. Network analysis
  • D. Content archiving / data mining
  • E. Security log analysis / forensics

Answer: A,D,E


NEW QUESTION # 86
Which item must you configure on FortiAnalyzer to email generated reports automatically?

  • A. SNMP server
  • B. SFTP server
  • C. Report scheduling
  • D. Output profile

Answer: D


NEW QUESTION # 87
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

  • A. A remote LDAP server
  • B. An administrator group
  • C. A trusted host profile that restricts access to the LDAP group
  • D. A local wildcard administrator account

Answer: A,D


NEW QUESTION # 88
Refer to the exhibit.

The exhibit shows "remoteservergroup" is an authentication server group with LDAP and RADIUS servers.
Which two statements express the significance of enabling "Match all users on remote server" when configuring a new administrator? (Choose two.)

  • A. Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.
  • B. User remoteadmin from the LDAP and RADIUS servers will be able to log in to FortiAnalyzer at any time.
  • C. It allows administrators to use two-factor authentication.
  • D. It creates a wildcard administrator using LDAP and RADIUS servers.

Answer: A,D


NEW QUESTION # 89
Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy.
What is the most likely problem?

  • A. Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
  • B. The total disk space is insufficient and you need to add other disk
  • C. CPU resources are too high
  • D. The ADOM disk quota is set too low, based on log rates

Answer: D

Explanation:
When an ADOM reaches its disk quota, FortiAnalyzer deletes the oldest logs in that ADOM regardless of the retention periods set in its data policy, so a quota that is too small for the ADOM's log rate causes logs to disappear before the archive period ends. Raise the quota based on the observed log rate, or shorten the retention so that it fits.
Reference:
20logs.htm


NEW QUESTION # 90
What can the CLI command # diagnose test application oftpd 3 help you to determine?

  • A. What devices and IP addresses are connecting to FortiAnalyzer
  • B. What logs, if any, are reaching FortiAnalyzer
  • C. What devices are registered and unregistered
  • D. What ADOMs are enabled and configured

Answer: A

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/cli-reference/395556/test#test_application


NEW QUESTION # 91
Which two statements are correct regarding the export and import of playbooks? (Choose two.)

  • A. You can export only one playbook at a time.
  • B. A playbook that was disabled when it was exported, will be disabled when it is imported.
  • C. Playbooks can be exported and imported only within the same FortiAnalyzer.
  • D. You can import a playbook even if there is another one with the same name in the destination.

Answer: B,D

Explanation:
If the imported playbook has the same name as an existing one, FortiAnalyzer will create a new name that includes a timestamp to avoid conflicts.
Playbooks are imported with the same status they had (enabled or disabled) when they were exported.
Playbooks set to run automatically should be exported while they are disabled to avoid unintended runs on the destination.


NEW QUESTION # 92
Which statement describes online logs on FortiAnalyzer?

  • A. Logs that reached a specific size and were rolled over
  • B. Logs that can be used to create reports
  • C. Logs that are saved to disk, compressed, and available in FortiView
  • D. Logs that can be viewed using Log Browse

Answer: D


NEW QUESTION # 93
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?

  • A. Output profiles
  • B. Custom datasets
  • C. Report scheduling
  • D. Report settings

Answer: B


NEW QUESTION # 94
What are two benefits of using fabric connectors? (Choose two.)

  • A. You do not need an additional license to send logs to the cloud platform.
  • B. Fabric connectors allow you to improve redundancy.
  • C. They allow FortiAnalyzer to send logs in real-time to public cloud accounts.
  • D. Using fabric connectors is more efficient than using third-party polling with API.

Answer: B,C


NEW QUESTION # 95
What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server? (Choose two.)

  • A. Mail server
  • B. SFTP, FTP, or SCP server
  • C. Report scheduling
  • D. Output profile

Answer: B,D

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.0.2/administration-guide/598322/creating-output-profiles


NEW QUESTION # 96
Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

  • A. FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.
  • B. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
  • C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.
  • D. FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

Answer: B,C

Explanation:
FortiAnalyzer HA works only in networks where Virtual Router Redundancy Protocol (VRRP) is permitted, so it may not be supported by some public cloud infrastructures. All cluster members must run the same operation mode (analyzer or collector), and the cluster synchronizes logs together with some system and configuration settings.


NEW QUESTION # 97
Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)

  • A. Email
  • B. IM
  • C. SNMP
  • D. SMS

Answer: A,C

Explanation:
Reference:
FortiAnalyzer_Admin_Guide/1800_Events/0200_Event_handlers/0600_Create_event_handlers.htm


NEW QUESTION # 98
......


To earn the Fortinet NSE5_FAZ-7.2 certification, candidates must have a solid understanding of FortiAnalyzer's features and functionality, as well as the ability to use it to analyze logs, detect security threats, and produce reports. They should also have practical experience working with FortiAnalyzer in a real-world environment.


Pass NSE5_FAZ-7.2 Tests Engine pdf - All Free Dumps: https://getfreedumps.passreview.com/NSE5_FAZ-7.2-exam-questions.html