Exam4Training

Fortinet NSE5_FAZ-6.2 Fortinet NSE 5 – FortiAnalyzer 6.2 Online Training

Question #1

By default, what happens when a log file reaches its maximum file size?

  • A . FortiAnalyzer overwrites the log files.
  • B . FortiAnalyzer stops logging.
  • C . FortiAnalyzer rolls the active log by renaming the file.
  • D . FortiAnalyzer forwards logs to syslog.

Correct Answer: C

Question #2

Which statements are correct regarding FortiAnalyzer reports? (Choose two)

  • A . FortiAnalyzer provides the ability to create custom reports.
  • B . FortiAnalyzer allows you to schedule reports to run.
  • C . FortiAnalyzer includes pre-defined reports only.
  • D . FortiAnalyzer allows reporting for FortiGate devices only.

Correct Answer: A,B

Question #3

Refer to the exhibit.

What does the data point at 14:55 tell you?

  • A . The received rate is almost at its maximum for this device
  • B . The sqlplugind daemon is behind in log indexing by two logs
  • C . Logs are being dropped
  • D . Raw logs are reaching FortiAnalyzer faster than they can be indexed

Correct Answer: C

Question #4

On FortiAnalyzer, what is a wildcard administrator account?

  • A . An account that permits access to members of an LDAP group
  • B . An account that allows guest access with read-only privileges
  • C . An account that requires two-factor authentication
  • D . An account that validates against any user account on a FortiAuthenticator

Correct Answer: D

Question #5

How does FortiAnalyzer retrieve specific log data from the database?

  • A . SQL FROM statement
  • B . SQL GET statement
  • C . SQL SELECT statement
  • D . SQL EXTRACT statement

Correct Answer: C

Question #6

For which two purposes would you use the command set log checksum? (Choose two.)

  • A . To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
  • B . To prevent log modification or tampering
  • C . To encrypt log communications
  • D . To send an identical set of logs to a second logging server

Correct Answer: A,B

Explanation:

To prevent stored logs from being modified, you can add a log checksum using the config system global command. When a log is rolled, archived, or uploaded (if log upload is enabled), FortiAnalyzer can record the log file's hash value, timestamp, and authentication code. This helps defend against man-in-the-middle attacks when log files are uploaded from FortiAnalyzer to the SFTP server.

Question #7

FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?

  • A . To upload logs to an SFTP server
  • B . To prevent log modification during backup
  • C . To send an identical set of logs to a second logging server
  • D . To encrypt log communication between devices

Correct Answer: D

Question #8

What remote authentication servers can you configure to validate your FortiAnalyzer administrator logons? (Choose three)

  • A . RADIUS
  • B . Local
  • C . LDAP
  • D . PKI
  • E . TACACS+

Correct Answer: A,C,E

Question #9

What is the purpose of employing RAID with FortiAnalyzer?

  • A . To introduce redundancy to your log data
  • B . To provide data separation between ADOMs
  • C . To separate analytical and archive data
  • D . To back up your logs

Correct Answer: A

Question #10

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy.

What is the most likely problem?

  • A . CPU resources are too high
  • B . Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
  • C . The total disk space is insufficient and you need to add another disk
  • D . The ADOM disk quota is set too low, based on log rates

Correct Answer: D

Explanation:

Reference: https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-FAZ/1100_Storage/0017_Deleted%20device%20logs.htm

Question #11

View the exhibit:

What does the 1000MB maximum for disk utilization refer to?

  • A . The disk quota for the FortiAnalyzer model
  • B . The disk quota for all devices in the ADOM
  • C . The disk quota for each device in the ADOM
  • D . The disk quota for the ADOM type

Correct Answer: B

Question #12

When you perform a system backup, what does the backup configuration contain? (Choose two.)

  • A . Generated reports
  • B . Device list
  • C . Authorized devices logs
  • D . System information

Correct Answer: B,D

Question #13

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)

  • A . Mail server
  • B . Output profile
  • C . SFTP server
  • D . Report scheduling

Correct Answer: B,C

Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/6d9f8fb5-6cf4-11e9-81a4-00505692583a/FortiAnalyzer-6.0.5-Administration-Guide.pdf (119)

Question #14

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed.

What is the recommended method to replace the disk?

  • A . Shut down FortiAnalyzer and then replace the disk
  • B . Downgrade your RAID level, replace the disk, and then upgrade your RAID level
  • C . Clear all RAID alarms and replace the disk while FortiAnalyzer is still running
  • D . Perform a hot swap

Correct Answer: D

Explanation:

Reference: https://www.fortinetguru.com/2016/04/system-settings/6/

Question #15

What statements are true regarding disk log quota? (Choose two)

  • A . The FortiAnalyzer stops logging once the disk log quota is met.
  • B . The FortiAnalyzer automatically sets the disk log quota based on the device.
  • C . The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.
  • D . The FortiAnalyzer disk log quota is configurable, but has a minimum of 100 MB and a maximum based on the reserved system space.

Correct Answer: C,D

Question #16

What purposes does the auto-cache setting on reports serve? (Choose two.)

  • A . To reduce report generation time
  • B . To automatically update the hcache when new logs arrive
  • C . To reduce the log insert lag rate
  • D . To provide diagnostics on report generation time

Correct Answer: A,B

Explanation:

Reference: https://docs.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/282280/enabling-autocache

Question #17

Which two statements about log forwarding are true? (Choose two.)

  • A . Forwarded logs cannot be filtered to match specific criteria.
  • B . Logs are forwarded in real-time only.
  • C . The client retains a local copy of the logs after forwarding.
  • D . You can use aggregation mode only with another FortiAnalyzer.

Correct Answer: B,C

Explanation:

Reference: www.fortinetguru.com/2020/07/log-forwarding-fortianalyzer-fortios-6-2-3/

Question #18

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

  • A . ADOMs are enabled by default.
  • B . ADOMs constrain other administrators’ access privileges to a subset of devices in the device list.
  • C . Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.
  • D . All administrators can create ADOMs, not just the admin administrator.

Correct Answer: B,C

Question #19

What are the operating modes of FortiAnalyzer? (Choose two)

  • A . Standalone
  • B . Manager
  • C . Analyzer
  • D . Collector

Correct Answer: C,D

Question #20

View the exhibit.

What does the data point at 14:35 tell you?

  • A . FortiAnalyzer is dropping logs.
  • B . FortiAnalyzer is indexing logs faster than logs are being received.
  • C . FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.
  • D . The sqlplugind daemon is ahead in indexing by one log.

Correct Answer: D

Explanation:

Logs are received first and then indexed; no logging server can index logs faster than it receives them. When FortiAnalyzer receives raw logs, they are inserted (indexed) into the SQL database by the sqlplugind daemon. This graph shows that FortiAnalyzer received 3 logs while sqlplugind indexed 4.
