Fortinet nse5-faz-6-4 practice test
Fortinet NSE 5 - FortiAnalyzer 6.4 Exam
Last exam update: Nov 30 ,2023
Question 1
What does the disk status Degraded mean for RAID management?
- A. One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.
- B. The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.
- C. The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.
- D. The hard drive Is no longer being used by the RAID controller
Answer:
D
Question 2
Which two statements are true regarding fabric connectors? (Choose two.)
- A. Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more efficient than third-party information from the FortiAnalyzer API.
- B. Fabric connectors allow to save storage costs and improve redundancy.
- C. Storage connector service does not require a separate license to send logs to cloud platform.
- D. Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3, Azure Blob , and Google Cloud.
Answer:
A, D
Question 3
Which two statement are true regardless initial Logs sync and Log Data Sync for Ha on FortiAnalyzer?
- A. By default, Log Data Sync is disabled on all backup devise.
- B. Log Data Sync provides real-time log synchronization to all backup devices.
- C. With initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.
- D. When Logs Data Sync is turned on, the backup device will reboot and then rebuilt the log database with the synchronized logs.
Answer:
C, D
Question 4
Refer to the exhibit.
What is the purpose of using the Chart Builder feature on FortiAnalyzer?
- A. In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.
- B. In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.
- C. This feature allows you to build a chart under FortiView.
- D. You can add charts to generated reports using this feature.
Answer:
A
Question 5
What is Log Insert Lag Time on FortiAnalyzer?
- A. The number of times in the logs where end users experienced slowness while accessing resources.
- B. The amount of lag time that occurs when the administrator is rebuilding the ADOM database.
- C. The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.
- D. The amount of time FortiAnalyzer takes to receive logs from a registered device
Answer:
C
Question 6
What are analytics logs on FortiAnalyzer?
- A. Log type Traffic logs.
- B. Logs that roll over when the log file reaches a specific size.
- C. Logs that are indexed and stored in the SQL.
- D. Raw logs that are compressed and saved to a log file.
Answer:
C
Question 7
Which two statements express the advantages of grouping similar reports? (Choose two.)
- A. Improve report completion time.
- B. Conserve disk space on FortiAnalyzer by grouping multiple similar reports.
- C. Reduce the number of hcache tables and improve auto-hcache completion time.
- D. Provides a better summary of reports.
Answer:
A, C
Question 8
An administrator fortinet, is able to view logs and perform device management tasks, such as adding
and removing registered devices. However, administrator fortinet is not able to create a mall server
that can be used to send email.
What could be the problem?
- A. Fortinet is assigned the Standard_ User administrator profile.
- B. A trusted host is configured.
- C. ADOM mode is configured with Advanced mode.
- D. Fortinet is assigned the Restricted_ User administrator profile.
Answer:
A
Question 9
What can you do on FortiAnalyzer to restrict administrative access from specific locations?
- A. Configure trusted hosts for that administrator.
- B. Enable geo-location services on accessible interface.
- C. Configure two-factor authentication with a remote RADIUS server.
- D. Configure an ADOM for respective location.
Answer:
A
Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-
fortigate/582009/system-administrator-best-practices
Question 10
In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered
search results.
Similarly, which feature you can use for FortiView?
- A. Export to Report Chart
- B. Export to PDF
- C. Export to Chart Builder
- D. Export to Custom Chart
Answer:
A
Explanation:
Reference:
https://community.fortinet.com/t5/FortiAnalyzer/Creating-a-Custom-report-from-
FortiView-Export-to-Report-Chart/ta-p/190154?externalID=FD40483
Question 11
What two things should an administrator do to view Compromised Hosts on FortiAnalyzer? (Choose
two.)
- A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
- B. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer.
- C. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up-to-date.
- D. Make sure all endpoints are reachable by FortiAnalyzer.
Answer:
BC
Explanation:
Reference:
https://docs.fortinet.com/document/fortianalyzer/6.4.0/administration-
guide/137635/viewing-compromised-hosts
Question 12
An administrator has moved FortiGate A from the root ADOM to ADOM1.
Which two statements are true regarding logs? (Choose two.)
- A. Analytics logs will be moved to ADOM1 from the root ADOM automatically.
- B. Archived logs will be moved to ADOM1 from the root ADOM automatically.
- C. Logs will be presented in both ADOMs immediately after the move.
- D. Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.
Answer:
B, D
Explanation:
Reference:
https://community.fortinet.com/t5/Fortinet-Forum/FW-Migration-between-ADOMs/m-
p/32683?m=158008
Question 13
Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)
- A. FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.
- B. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
- C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.
- D. FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.
Answer:
BC
Explanation:
Reference:
https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FMG-
FAZ/4600_HA/0000_HA.htm?TocPath=High%20Availability%7C_____0
Question 14
Refer to the exhibit.
Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
- A. Report size will be optimized to conserve disk space on FortiAnalyzer.
- B. Reports will be cached in the memory.
- C. This feature is automatically enabled for scheduled reports.
- D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.
Answer:
C, D
Explanation:
Reference:
https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-FAZ/2300_Reports/0025_Auto-
cache.htm
Question 15
The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device.
What can be the reason for this failure?
- A. FortiAnalyzer is in an HA cluster.
- B. ADOM mode should be set to advanced, in order to register the FortiClient EMS device.
- C. ADOMs are not enabled on FortiAnalyzer.
- D. A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.
Answer:
C
Explanation:
Reference:
https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-
FAZ/0800_ADOMs/0015_FortiClient%20and%20ADOMs.htm