100% Real NSE5_FAZ-7.2 dumps - Brilliant NSE5_FAZ-7.2 Exam Questions PDF
NSE5_FAZ-7.2 Exam PDF [2024] Tests Free Updated Today with Correct 138 Questions
NEW QUESTION # 74
Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)
- A. SMS
- B. SNMP
- C. Email
- D. IM
Answer: B,C
Explanation:
Reference:
FortiAnalyzer_Admin_Guide/1800_Events/0200_Event_handlers/0600_Create_event_handlers.htm
NEW QUESTION # 75
Which statement about the FortiSIEM management extension is correct?
- A. It requires a licensed FortiSIEM supervisor.
- B. It can be installed as a dedicated VM.
- C. Allows you to manage the entire life cycle of a threat or breach.
- D. Its use of the available disk space is capped at 50%.
Answer: C
NEW QUESTION # 76
Refer to the exhibit.
What does the data point at 12:20 indicate?
- A. FortiAnalyzer is using its cache to avoid dropping logs.
- B. The sqlplugind service is caught up with new logs.
- C. The performance of FortiAnalyzer is below the baseline.
- D. The log insert lag time is increasing.
Answer: D
NEW QUESTION # 77
Refer to the exhibit.
What is the purpose of using the Chart Builder feature on FortiAnalyzer?
- A. To build a chart automatically based on the top 100 log entries
- B. To build a dataset and chart automatically, based on the filtered search results
- C. To add charts directly to generate reports in the current ADOM
- D. To add a new chart under FortiView to be used in new reports
Answer: B
NEW QUESTION # 78
Which daemon is responsible for enforcing raw log file size?
- A. miglogd
- B. oftpd
- C. logfiled
- D. sqlplugind
Answer: C
NEW QUESTION # 79
What is Log Insert Lag Time on FortiAnalyzer?
- A. The amount of time FortiAnalyzer takes to receive logs from a registered device
- B. The number of times in the logs where end users experienced slowness while accessing resources.
- C. The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.
- D. The amount of lag time that occurs when the administrator is rebuilding the ADOM database.
Answer: C
NEW QUESTION # 80
You need to upgrade your FortiAnalyzer firmware.
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
- A. FortiGate uses the miglogd process to cache the logs
- B. FortiAnalyzer uses log fetching to retrieve the logs when back online
- C. Logs are dropped
- D. The logfiled process stores logs in offline mode
Answer: A
NEW QUESTION # 81
On FortiAnalyzer, what is a wildcard administrator account?
- A. An account that validates against any user account on a FortiAuthenticator
- B. An account that allows guest access with read-only privileges
- C. An account that requires two-factor authentication
- D. An account that permits access to members of an LDAP group
Answer: D
Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/747268/configuring-wildcard-admin-accounts
NEW QUESTION # 82
Refer to the exhibit.
Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1.
Which filter will achieve the desired result?
- A. operation==login & performed_on=="GUI(10.1.1.210)" & user!=admin
- B. operation==login & dstip==10.1.1.210 & user!=admin
- C. operation==login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
- D. operation==login & performed_on=="GUI(10.1.1.100)" & user!=admin
Answer: D
Explanation:
In the referenced lab exercise, the task was to create a filter for failed logins from any location other than the local computer: "Add the text performed_on!~10.0.1.10. This includes any attempts coming from devices with an IP address that is not the one configured on the Local-Client computer."
NEW QUESTION # 83
Which two statements are true regarding the outbreak detection service? (Choose two.)
- A. It automatically downloads new event handlers and reports.
- B. Outbreak alerts are available on the root ADOM only.
- C. New alerts are received by email.
- D. An additional license is required.
Answer: A,D
NEW QUESTION # 84
What is the purpose of output variables?
- A. To store playbook execution statistics
- B. To use the output of the previous task as the input of the current task
- C. To display details of the connectors used by a playbook
- D. To save all the task settings when a playbook is exported
Answer: B
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 242: Output variables allow you to use the output from a preceding task as an input to the current task.
NEW QUESTION # 85
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
- A. Threat hunting
- B. Incidents dashboards
- C. FortiView Monitor
- D. Outbreak alert services
Answer: A
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 217: Threat hunting consists of proactively searching for suspicious or potentially risky network activity in your environment. The proactive approach helps administrators find any threats that might have eluded detection by the current security solutions or configurations.
NEW QUESTION # 86
Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)
- A. ADOMs constrain other administrators' access privileges to a subset of devices in the device list.
- B. Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.
- C. ADOMs are enabled by default.
- D. All administrators can create ADOMs, not just the admin administrator.
Answer: A,B
NEW QUESTION # 87
For which two purposes would you use the command set log checksum? (Choose two.)
- A. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
- B. To prevent log modification or tampering
- C. To send an identical set of logs to a second logging server
- D. To encrypt log communications
Answer: A,B
Explanation:
To prevent logs from being tampered with while in storage, you can add a log checksum using the config system global command. You can configure FortiAnalyzer to record a log file hash value, timestamp, and authentication code when the log is rolled and archived and when the log is uploaded (if that feature is enabled). This can also help against man-in-the-middle attacks, but only for the transmission from FortiAnalyzer to an SSH File Transfer Protocol (SFTP) server during log upload.
FortiAnalyzer_7.0_Study_Guide-Online page 149
NEW QUESTION # 88
What are the operating modes of FortiAnalyzer? (Choose two.)
- A. Manager
- B. Analyzer
- C. Standalone
- D. Collector
Answer: B,D
NEW QUESTION # 89
You've moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?
- A. FortiAnalyzer migrates analytics logs to the new ADOM.
- B. FortiAnalyzer resets the disk quota of the new ADOM to default.
- C. FortiAnalyzer migrates archive logs to the new ADOM.
- D. FortiAnalyzer removes logs from the old ADOM.
Answer: A
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40383
NEW QUESTION # 90
Refer to the exhibit.
What does the data point at 14:55 tell you?
- A. The received rate is almost at its maximum for this device
- B. Logs are being dropped
- C. Raw logs are reaching FortiAnalyzer faster than they can be indexed
- D. The sqlplugind daemon is behind in log indexing by two logs
Answer: C
NEW QUESTION # 91
Which item must you configure on FortiAnalyzer to email generated reports automatically?
- A. SFTP server
- B. Output profile
- C. SNMP server
- D. Report scheduling
Answer: B
NEW QUESTION # 92
Which statement is true regarding Macros on FortiAnalyzer?
- A. Macros are supported only on the FortiGate ADOM.
- B. Macros are useful in generating excel log files automatically based on the reports settings.
- C. Macros are predefined templates for reports and cannot be customized.
- D. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
Answer: D
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 283: Note that macros are ADOM-specific and supported in FortiGate and FortiCarrier ADOMs only.
NEW QUESTION # 93
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
- A. Use an NTP server
- B. Use host name resolution
- C. Use real-time forwarding
- D. Use DNS
Answer: A
NEW QUESTION # 94
What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?
- A. The FortiGate serial number
- B. Valid FortiAnalyzer credentials
- C. A FortiGate ADOM
- D. A pre-shared key
Answer: B
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 93: The fourth method uses the Fortinet Security Fabric authorization process. This method requires that both FortiGate and FortiAnalyzer are running version 7.0.1 or higher. It is also required that the FortiGate administrator has valid credentials to log in on FortiAnalyzer and complete the registration.
https://docs.fortinet.com/document/fortianalyzer/7.2.1/administration-guide/13897/adding-a-fortigate-using-security-fabric-authorization
NEW QUESTION # 95
Which statement describes a dataset in FortiAnalyzer?
- A. They are used to set the data included in templates.
- B. They provide the layout used for reports.
- C. They define the chart types to be used in reports.
- D. They determine what data is retrieved from the database.
Answer: D
NEW QUESTION # 96
Verified & Correct NSE5_FAZ-7.2 Practice Test Reliable Source May 22, 2024 Updated: https://www.testpassking.com/NSE5_FAZ-7.2-exam-testking-pass.html