Fortinet nse5-faz-7-2 practice test
fortianalyzer 7.2 analyst
Question 1
Refer to the exhibits.
How many events will be added to the incident created after running this playbook?
- A. Thirteen events will be added.
- B. Five events will be added.
- C. No events will be added.
- D. Ten events will be added.
Answer:
d
Question 2
Which statement describes a dataset in FortiAnalyzer?
- A. They determine what data is retrieved from the database.
- B. They provide the layout used for reports.
- C. They are used to set the data included in templates.
- D. They define the chart types to be used in reports.
Answer:
a
Question 3
Refer to the exhibit.
What does the data point at 12:20 indicate?
- A. The performance of FortiAnalyzer is below the baseline.
- B. FortiAnalyzer is using its cache to avoid dropping logs.
- C. The log insert lag time is increasing.
- D. The sqlplugind service is caught up with new logs.
Answer:
c
Question 4
What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?
- A. The endpoint is marked as Compromised and, optionally, can be put in quarantine.
- B. FortiAnalyzer flags the associated host for further analysis.
- C. A new Infected entry is added for the corresponding endpoint.
- D. The detection engine classifies those logs as Suspicious.
Answer:
a
Question 5
An administrator has configured the following settings:
config system fortiview setting
set resolve-ip enable
end
What is the significance of running this command?
- A. Use this command only if the source IP addresses are not resolved on FortiGate.
- B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
- C. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.
- D. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.
Answer:
b
Question 6
What are two benefits of using fabric connectors? (Choose two.)
- A. They allow FortiAnalyzer to send logs in real-time to public cloud accounts.
- B. You do not need an additional license to send logs to the cloud platform.
- C. Fabric connectors allow you to improve redundancy.
- D. Using fabric connectors is more efficient than using third-party polling with API.
Answer:
bd
Question 7
You created a playbook on FortiAnalyzer that uses a FortiOS connector.
When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?
- A. FortiAnalyzer Event Handler
- B. Incoming webhook
- C. Fabric Connector event
- D. FortiOS Event Log
Answer:
b
Question 8
Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)
- A. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
- B. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.
- C. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
- D. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
Answer:
cd
Question 9
Refer to the exhibit.
Which statement is correct regarding the event displayed?
- A. The security event risk is considered open.
- B. The security risk was blocked or dropped.
- C. The risk source is isolated.
- D. An incident was created from this event.
Answer:
a
Question 10
What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)
- A. The size of newly generated reports is optimized to conserve disk space.
- B. FortiAnalyzer local cache is used to store generated reports.
- C. When new logs are received, the hard-cache data is updated automatically.
- D. The generation time for reports is decreased.
Answer:
cd