What are two benefits of using fabric connectors? (Choose two.)

Fabric connectors allow you to improve redundancy.

Using fabric connectors is more efficient than using third-party polling with API.

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

You do not need an additional license to send logs to the cloud platform.

Which statement correctly describes the management extensions available on FortiAnalyzer?

Management extensions may require a minimum number of CPU cores to run

Management extensions do not require additional licenses.

Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.

Management extensions require a dedicated VM for best performance.

Which statement describes a dataset in FortiAnalyzer?

They determine what data is retrieved from the database.

They provide the layout used for reports.

They are used to set the data included in templates.

They define the chart types to be used in reports.

Which statement describes archive logs on FortiAnalyzer?

Logs compressed and saved in files with the .gz extension

Logs a FortiAnalyzer administrator can access in FortiView

Logs previously collected from devices that are offline

Logs that are indexed and stored in the SQL database

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)

Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.

Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

Make sure all endpoints are reachable by FortiAnalyzer.

Enable device detection on the FortiGate devices that are sending logs to FortiAnalyzer.

An administrator has configured the following settings: config system fortiview setting set resolve-ip enable end What is the significance of running this command?

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Use this command only if the source IP addresses are not resolved on FortiGate.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.

What is the purpose of output variables?

To use the output of the previous task as the input of the current task

To store playbook execution statistics

To save all the task settings when a playbook is exported

To display details of the connectors used by a playbook

Which two statements are true regarding the outbreak detection service? (Choose two.)

It automatically downloads new event handlers and reports.

An additional license is required

Outbreak alerts are available on the root ADOM only.

New alerts are received by email.

Which log will generate an event with the status Contained?

An AV log with action=quarantine.

AWebFilter log with action=dropped.

An AppControl log with action=blocked.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than “admin?, and coming from Laptop1. Which filter will achieve the desired result?

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

operation-login & dstip==10.1.1.210 & user!-admin

operation-login & sreip==10.1.1.100 & dstip==10.1.1.210 & user==admin

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

What are two advantages of grouping similar reports? (Choose two.)

Reduces the number of hcache tables and improves auto-hcache completion time

Improves report completion time

Conserves disk space on FortiAnalyzer by grouping multiple similar reports

Provides a better summary of reports

Which statement describes online logs on FortiAnalyzer?

Logs that can be used to create reports

Logs that reached a specific size and were rolled over

Logs that can be viewed using Log Browse

Logs that are saved to disk, compressed, and available in FortiView

After generating a report, you notice the information you were expecting to see is not included in it. What are two possible reasons for this scenario? (Choose two.)

The logfiled service has not indexed all the expected logs.

The time frame selected in the report is wrong.

You enabled auto-cache with extended log filtering.

The logs were overwritten by the data retention policy.

What is the purpose of predefined report templates on FortiAnalyzer?

They specify the layout used in reports.

they can be customized to meet the needs of the intended audience.

They can be created by saving reports as templates.

They include the data used in reports charts.

Which statement is true about sending notifications with incident updates?

You can send notifications to multiple external platforms.

Notifications can be sent only by email.

If you use multiple fabric connectors, all connectors must have the same notification settings.

Notifications can be sent only when an incident is updated or deleted.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

To build a dataset and chart automatically, based on the filtered search results

To add a new chart under FortiView to be used in new reports

To add charts directly to generate reports in the current ADOM

To build a chart automatically based on the top 100 log entries

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

Which two statements are correct regarding the export and import of playbooks? (Choose two.)

You can import a playbook even if there is another one with the same name in the destination

A playbook that was disabled when it was exported will be disabled when it is imported

You can export only one playbook at a time.

Playbooks can be exported and imported only within the same FortiAnalyzer device.

What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)

The generation time for reports is decreased

When new logs are received, the hard-cache data is updated automatically.

The size of newly generated reports is optimized to conserve disk space.

FortiAnalyzer local cache is used to store generated reports.

Which two statements about a FortiAnalyzer Fabric are true? (Choose two.)

Fabric members must be in the same time zone as the supervisor.

The supervisor can access the logs in the fabric members using an API.

Fabric members and the supervisor support HA.

All fabric members must run in collector mode except the supervisor.

Which statement about the FortiSOAR management extension is correct?

It runs as a docker container on FortiAnalyzer.

It requires a FortiManager configured to manage FortiGate.

It requires a dedicated FortiSOAR device or VM.

It does not include a limited trial by default.

What must you consider when using log fetching? (Choose two.)

You can use filters to include only logs from a single device

The archive logs retrieved from the server become archive logs in the client

The fetch client can retrieve logs from devices that are not added to its local Device Manager.

The fetching profile must include a user with the Super_User profile.

What is the purpose of using prefilters when configuring event handlers?

They limit which logs are checked for matches by the other filters.

They can filter the logs before they are processed by FortiAnalyzer.

They download new filters to be used in event handlers.

They are common filters applied simultaneously to all event handlers.

NSE5_FAZ-7.2

Authored by David Peña

Instructional Technology

Professional Development

Used 5+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

37 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which statement about sending notifications with incident updates is true?

Notifications can be sent only when an incident is created or deleted.

You must configure an output profile to send notifications by email.

Each incident can send notifications to a single external platform.

Each connector used can have different notification settings.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Why must you wait for several minutes before you run a playbook that you just created?

FortiAnalyzer needs that time to back up the current playbooks.

FortiAnalyzer needs that time to parse the new playbook

FortiAnalyzer needs that time to ensure there are no other playbooks running.

FortiAnalyzer needs that time to debug the new playbook.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How can you attach a report to an incident?

By attaching it to an event handler alert

By editing the settings of the desired report

From the properties of an existing incident

Saving it in JSON format, and then importing it

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which statement is correct regarding the event displayed?

The security event risk is considered open.

The security risk was blocked or dropped

The risk source is isolated.

An incident was created from this event.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

FortiAnalyzer flags the associated host for further analysis.

The endpoint is marked as Compromised and, optionally, can be put in quarantine.

A new Infected entry is added for the corresponding endpoint.

The detection engine classifies those logs as Suspicious.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which two methods can you use to send notifications when an event occurs that matches a configured event handler? (Choose two.)

Send Alert through Fabric Connectors

Send Alert through FortiSIEM MEA

Send SNMP trap

Send SMS notification

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Why run the command diagnose sql status sqlplugind?

To list the current SQL processes running

To check what is the database log insertion status

To display the SQL query connections and hcache status

To view the current hcache size

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

40 questions

Công nghệ giữa kỳ 2

Quiz

•

Professional Development

35 questions

QCM & Hostess 2

Quiz

•

Professional Development

40 questions

Test_03

Quiz

•

Professional Development

41 questions

Quiz on Study Focus

Quiz

•

Professional Development

41 questions

Questionário sobre a Metodologia SENAI

Quiz

•

Professional Development

40 questions

CJ's ultimate quiz - Week 9

Quiz

•

Professional Development

35 questions

Quiz 1 - DBMS

Quiz

•

Professional Development

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Instructional Technology

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L5_22-23

Lesson

•

KG - Professional Dev...

10 questions

March Quiz

Quiz

•

Professional Development

5 questions

Copy of G5_U6_L8_22-23

Lesson

•

KG - Professional Dev...

10 questions

suffixes FUL OR LESS

Quiz

•

Professional Development