NSE5_FAZ-7.2 Sample Questions Answers

Improve report completion time.

Conserve disk space on FortiAnalyzer by grouping multiple similar reports.

Reduce the number of hcache tables and improve auto-hcache completion time.

Provides a better summary of reports.

To reset the disk quota enforcement to default

To remove the analytics logs of the device from the old database

To migrate the archive logs to the new ADOM

To populate the new ADOM with analytical logs for the moved device, so you can run reports

You can export only one playbook at a time.

You can import a playbook even if there is another one with the same name in the destination.

Playbooks can be exported and imported only within the same FortiAnaryzer.

A playbook that was disabled when it was exported, will be disabled when it is imported.

This FortiAnalyzer will join to the existing HA cluster as the primary.

This FortiAnalyzer is configured to receive logs in its port1.

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

After joining to the cluster, this FortiAnalyzer will keep an updated log database.

Standalone

Manager

Analyzer

Collector

FortiAnalyzer needs that time to parse the new playbook.

FortiAnalyzer needs that time to back up the current playbooks.

FortiAnalyzer needs that time to ensure there are no other playbooks running.

FortiAnalyzer needs that time to debug the new playbook.

FortiAnalyzerl and FortiAnalyzer3

FortiAnalyzer1 and FortiAnalyzer2

All devices listed can be members

FortiAnalyzer2 and FortiAnalyzer3

License type

Disk size

Total quota

RAID level

Option A

Option B

Option C

Option D

Antivirus logs

Web filter logs

IPS logs

Application control logs

Configure trusted hosts for that administrator.

Enable geo-location services on accessible interface.

Configure two-factor authentication with a remote RADIUS server.

Configure an ADOM for respective location.

One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.

The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.

The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.

The hard driveiIs no longer being used by the RAID controller

Both modes, forwarding and aggregation, support encryption of logs between devices.

In aggregation mode, you can forward logs to syslog and CEF servers as well.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Notifications can be sent only when an incident is created or deleted.

You must configure an output profile to send notifications by email.

Each incident can send notifications to a single external platform.

Each connector used can have different notification settings.

operation-login & dstip==10.1.1.210 & user!-admin

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

You do not need an additional license to send logs to the cloud platform.

Fabric connectors allow you to improve redundancy.

Using fabric connectors is more efficient than using third-party polling with API.

FortiAnalyzer uses log fetching to retrieve the logs when back online

FortiGate uses themiglogdprocess to cache the logs

Thelogfiledprocess stores logs in offline mode

Logs are dropped

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

Use the execute sql-report run ADOM1 command to run a report.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

FortiAnalyzer provides the ability to create custom reports.

FortiAnalyzer glows you to schedule reports to run.

FortiAnalyzer includes pre-defined reports only.

FortiAnalyzer allows reporting for FortiGate devices only.

By default, Log Data Sync is disabled on all backup devise.

Log Data Sync provides real-time log synchronization to all backup devices.

With initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.

When Logs Data Sync is turned on, the backup device will reboot and then rebuilt the log database with the synchronized logs.

A FortiGate ADOM

The FortiGate serial number

A pre-shared key

Valid FortiAnalyzer credentials

An account that permits access to members of an LDAP group

An account that allows guest access with read-only privileges

An account that requires two-factor authentication

An account that validates against any user account on a FortiAuthenticator

To store playbook execution statistics

To use the output of the previous task as the input of the current task

To display details of the connectors used by a playbook

To save all the task settings when a playbook is exported

Use DNS

Use host name resolution

Use real-time forwarding

Use an NTP server

Output profiles

Report settings

Report scheduling

Custom datasets

Chart Builder

Export to Report Chart

Dataset Library

Custom View

Principal

Service provider

Identity collector

Identity provider

System information

Logs from registered devices

Report information

Database snapshot

SMS

Email

SNMP

IM

Export to Report Chart

Export to PDF

Export to Chart Builder

Export to Custom Chart

FortiAnalyzer Event Handler

Incoming webhook

FortiOS Event Log

Fabric Connector event

SSL is the default setting.

SSL communications are auto-negotiated between the two devices.

SSL can send logs in real-time only.

SSL encryption levels are globally set on FortiAnalyzer.

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

This feature allows you to build a chart under FortiView.

You can add charts to generated reports using this feature.

To add a log file checksum

To add the MD’s hash value and authentication code

To add a unique tag to each log to prove that it came from this FortiAnalyzer

To encrypt log communications

To reduce report generation time

To automatically update the hcache when new logs arrive

To reduce the log insert lag rate

To provide diagnostics on report generation time

To add a new chart under FortiView to be used in new reports

To build a dataset and chart automatically, based on the filtered search results

To add charts directly to generate reports in the current ADOM

To build a chart automatically based on the top 100 log entries

Hot swap the disk

Replace the disk and rebuild the RAID manually

Take no action if the RAID level supports a failed disk

Shut down FortiAnalyzer and replace the disk

To add a unique tag to each log to prove that it came from this FortiAnalyzer

To add the MD5 hash value and authentication code

To add a log file checksum

To encrypt log communications