Nse5 Faz-6.2
51 questions
Number: NSE5_FAZ-6.2
Passing Score: 926
Time Limit: 120 min
File Version: 20.061
Vendor: Fortinet
Version: 20.061
Exam A
QUESTION 1
How are logs forwarded when FortiAnalyzer is using aggregation mode?
A. Logs and content files are stored and uploaded at a scheduled time
B. Logs and content files are forwarded as they are received
C. Logs are forwarded as they are received
D. Logs are forwarded as they are received and content files are uploaded at a scheduled time
Correct Answer: A
QUESTION 2
DLP archiving gives the ability to store session transaction data on a FortiAnalyzer unit for which of the
following types of network traffic? (Select all that apply.)
A. SNMP
B. IPSec
C. SMTP
D. POP3
E. HTTP
QUESTION 3
Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two)
Correct Answer: BC
QUESTION 4
Which statement is correct? FortiAnalyzer collects and aggregates log data from:
Correct Answer: A
QUESTION 5
What are two of the key features of FortiAnalyzer? (Choose two)
Correct Answer: AC
QUESTION 6
What statements are true regarding FortiAnalyzer's treatment of high availability (HA) clusters? (Choose two)
A. FortiAnalyzer distinguishes different devices by their serial number.
B. FortiAnalyzer receives logs from all devices in a cluster.
C. FortiAnalyzer receives logs only from the primary device in the cluster.
D. FortiAnalyzer only needs to know the serial number of the primary device in the cluster - it automatically
discovers the other devices.
Correct Answer: AC
QUESTION 7
What FortiGate process caches logs when FortiAnalyzer is not reachable?
A. oftpd
B. miglogd
C. sqlplugind
D. logfiled
Correct Answer: B
QUESTION 8
What is the purpose of the following CLI command?
Correct Answer: D
QUESTION 9
Consider the following scenario: The FortiAnalyzer administrator creates a custom dataset.
The Log type is set to Traffic and the Time Period is set to Last 30 days.
The following query is entered:
SELECT root_domain(hostname) as website, count(*) as totalnum, dstcountry FROM $log WHERE $filter and hostname is not null GROUP BY hostname, dstcountry ORDER BY session desc LIMIT 25
When the administrator tests the custom dataset, an error message is returned. Why?
Correct Answer: B
QUESTION 10
By default, what happens when a log file reaches its maximum file size?
Correct Answer: C
QUESTION 11
What types of logs will FortiAnalyzer store? (Select one)
A. Traffic/Event/Security, Data Leak Prevention (DLP) archive, Quarantine, and IPS (Intrusion Protection
System) Packets.
B. Traffic/Event, Data Leak Prevention (DLP) archive, Quarantine, and IPS (Intrusion Protection System)
Packets.
C. Traffic/Event/Security, Data Leak Prevention (DLP) archive, Quarantine.
D. Data Leak Prevention (DLP) archive, Quarantine, and IPS (Intrusion Protection System) Packets.
Correct Answer: A
QUESTION 12
What statements are true regarding encryption settings and levels? (Choose three)
A. The default encryption level is 128-bit and larger key length algorithms.
B. High level encryption requires additional CPU resources.
C. AES is an example of a high level encryption.
D. The default encryption level on FortiAnalyzer is set at the same default encryption level as FortiGate.
E. "Set enc-algorithm, <encryption level>" is the command used to set the encryption level on
FortiAnalyzer.
QUESTION 13
What database language does FortiAnalyzer use for logging and reporting?
A. XQuery
B. XML
C. SQL
D. Java
Correct Answer: C
QUESTION 14
What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and
FortiGate? (Choose three)
A. All FortiGates can send logs to FortiAnalyzer using the store and upload option.
B. Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload
option.
C. Both secure communications methods (SSL and IPsec) allow the store and upload option.
D. Disk logging is enabled on the FortiGate through the CLI only.
E. Disk logging is enabled by default on the FortiGate.
QUESTION 15
What are the methods available to register a device? (Choose two)
Correct Answer: AC
QUESTION 16
In FortiAnalyzer's FortiView, source and destination IP addresses from FortiGate devices are not resolving
to a hostname. How can you resolve the source and destination IPs, without introducing any additional
performance impact to FortiAnalyzer?
Correct Answer: B
QUESTION 17
What is the purpose of employing RAID with FortiAnalyzer?
Correct Answer: D
QUESTION 18
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log
settings?
A. The log file is stored as a raw log and is available for analytic support
B. The log file rolls over and is archived
C. The log file is purged from the database
D. The log file is overwritten
Correct Answer: B
QUESTION 19
View the exhibit. Why is the total quota less than the total system storage?
A. The oftpd process has not archived the logs yet
B. The logfiled process is just estimating the total quota
C. Some space is reserved for system use, such as storage of compression files, upload files, and
temporary report files
D. 3.6% of the system storage is already being used
Correct Answer: C
QUESTION 20
In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose
two.)
Correct Answer: CD
QUESTION 21
What can the CLI command # diagnose test application oftpd 3 help you to determine?
Correct Answer: C
QUESTION 22
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?
A. Report settings
B. Report scheduling
C. Output profiles
D. Custom datasets
Correct Answer: D
QUESTION 23
On FortiAnalyzer, what is a wildcard administrator account?
Correct Answer: A
QUESTION 24
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from
another FortiAnalyzer device?
QUESTION 25
FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?
Correct Answer: C
QUESTION 26
What is the recommended method of expanding disk space on a FortiAnalyzer VM?
A. From the VM host manager, add an additional virtual disk and use the #execute lvm extend <disk
number> command to expand the storage
B. From the VM host manager, expand the size of the existing virtual disk
C. From the VM host manager, add an additional disk and rebuild your RAID array
D. From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk
Correct Answer: A
QUESTION 27
What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server?
(Choose two.)
A. Report scheduling
B. Output profile
C. SFTP, FTP, or SCP server
D. Mail server
Correct Answer: BC
QUESTION 28
View the exhibit. What does the 1000 MB maximum for disk utilization refer to?
QUESTION 29
What purposes does the auto-cache setting on reports serve? (Choose two.)
Correct Answer: AD
QUESTION 30
View the exhibit. What does the data point at 14:35 tell you?
Correct Answer: A
QUESTION 31
You've moved a registered logging device out of one ADOM and into a new ADOM. What happens when
you rebuild the new ADOM database?
Correct Answer: C
QUESTION 32
How can you configure FortiAnalyzer to permit administrator logins from only specific locations?
Correct Answer: A
QUESTION 33
Which statement is true regarding FortiAnalyzer models?
A. All physical appliances can support the same number of GB per day of logs.
B. Both physical and virtual appliances have same license file.
C. All physical appliances have the same storage capacity.
D. The virtual appliance license determines the number of devices supported and the amount of traffic that can be collected.
Correct Answer: D
QUESTION 34
How does FortiAnalyzer retrieve specific log data from the database?
Correct Answer: C
QUESTION 35
Logs are being deleted from one of your ADOMs earlier than the configured setting for archiving in your
data policy. What is the most likely problem?
A. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device
B. CPU resources are too high
C. The ADOM disk quota is set too low based on log rates
D. The total disk space is insufficient and you need to add another disk
Correct Answer: C
QUESTION 36
How do you restrict an administrator's access to a subset of your organization's ADOMs?
Correct Answer: C
QUESTION 37
What FortiView tool can you use to automatically build a dataset and chart based on a filtered search
result?
A. Chart Builder
B. Dataset Library
C. Custom View
D. Export to Report Chart
Correct Answer: D
QUESTION 38
What remote authentication servers can you configure to validate your FortiAnalyzer administrator logons?
(Choose three)
A. RADIUS
B. Local
C. LDAP
D. PKI
E. TACACS+
QUESTION 39
Which statements are correct regarding FortiAnalyzer reports? (Choose two)
Correct Answer: AB
QUESTION 40
What are the operating modes of FortiAnalyzer? (Choose two)
A. Standalone
B. Manager
C. Analyzer
D. Collector
Correct Answer: CD
QUESTION 41
What is 'hot swapping'?
A. Hot swapping means administrators can configure FortiAnalyzer to write to all hard disks in order to make the array fault tolerant.
B. Hot swapping means administrators can replace a failed disk on devices that support software RAID while the device is still running.
C. Hot swapping means administrators can ensure the parity data of a redundant drive is valid while the device is still running.
D. Hot swapping means administrators can replace a failed disk on devices that support hardware RAID while the device is still running.
Correct Answer: D
QUESTION 42
Which tabs do not appear when FortiAnalyzer is operating in Collector mode? (Choose two.)
A. FortiView
B. Event Management
C. Device Manager
D. Reporting
Correct Answer: AD
QUESTION 43
When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search
option.
What is a valid reason for using the Full Search option, instead?
A. The search items you are looking for are not contained in indexed log fields.
B. A quick search only searches data received within the last 24 hours.
C. You want the search to include the FortiAnalyzer's local logs.
D. You want the search to include content archive data as well.
Correct Answer: A
QUESTION 44
Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met.
Considering this, which of the following statements is NOT correct?
A. On a FortiGate device, the alert condition is based either on the severity level or on the log type, but not
on a combination of the two.
B. On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type,
but not on a combination of the two.
C. Only a FortiAnalyzer device can send the alert notification in the form of a syslog message.
D. Both the FortiGate and FortiAnalyzer devices can send alert notifications in the form of an email alert.
Correct Answer: A
QUESTION 45
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered
devices should:
A. Use DNS
B. Use host name resolution
C. Use an NTP server
D. Use real-time forwarding
Correct Answer: C
QUESTION 46
FortiAnalyzer centralizes which functions? (Choose three)
A. Network analysis
B. Graphical reporting
C. Content archiving / data mining
D. Vulnerability assessment
E. Security log analysis / forensics
QUESTION 47
What statements are true regarding FortiAnalyzer's treatment of high availability (HA) clusters? (Choose two)
Correct Answer: AC
QUESTION 48
What statements are true regarding disk log quota? (Choose two)
A. The FortiAnalyzer stops logging once the disk log quota is met.
B. The FortiAnalyzer automatically sets the disk log quota based on the device.
C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.
D. The FortiAnalyzer disk log quota is configurable, but has a minimum of 100 MB and a maximum based on the reserved system space.
Correct Answer: CD
QUESTION 49
A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit.
Which of the following statements best describes the reason why the FortiGate 60B unit is unable to
archive data to the FortiAnalyzer unit?
Correct Answer: A
QUESTION 50
A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate
devices?
A. SSL
B. IPSec
C. direct serial connection
D. S/MIME
Correct Answer: B
QUESTION 51
An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic
Discovery is enabled to detect any available FortiAnalyzers on the network.
Which of the following FortiAnalyzers will be detected? (Select all that apply.)
A. 192.168.11.100
B. 192.168.11.251
C. 192.168.10.100
D. 192.168.10.251
Correct Answer: AB