Fortinet NSE5_FAZ-7.2 Exam Questions Instant Access

Question 1

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

AAntivirus logs

BWeb filter logs

CIPS logs

DApplication control logs

Answer : B

FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm?

TocPath=FortiView%7CUsing%20FortiView%7C_____6

Question 2

If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the

FortiAnalyzer back to functioning normally, without losing data?

AHot swap the disk

BReplace the disk and rebuild the RAID manually

CTake no action if the RAID level supports a failed disk

DShut down FortiAnalyzer and replace the disk

Answer : D

https://kb.fortinet.com/kb/documentLink.do?externalID=FD46446#:~:text=On%20FortiAnalyzer%2FFortiManager%20devices%20that,to%20exchanging%20the%20hard%20disk.

If a hard disk on a FortiAnalyzer unit fails, it must be replaced. On FortiAnalyzer devices that support hardware RAID, the hard disk can be replaced while the unit is still running -- known as hot swapping. On FortiAnalyzer units with software RAID, the device must be shutdown prior to exchanging the hard disk.

Question 3

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?

ATo properly correlate logs

BTo use real-time forwarding

CTo resolve host names

DTo improve DNS response times

Answer : A

Question 4

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

APrincipal

BService provider

CIdentity collector

DIdentity provider

Answer : B, D

20the%20identity%20provider%20(IdP,external%20identity%20provider%20is%20available.

https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/981386/saml-admin-authentication

In FortiAnalyzer, SAML can be enabled across all Security Fabric devices, enabling smooth movement between devices for the administrator by means of single sign-on (SSO).

FortiAnalyzer can play the role of the identity provider (IdP), the service provider (SP), or Fabric SP, when an external identity provider is available.

FortiAnalyzer_7.0_Study_Guide-Online pag. 48

Question 5

When you perform a system backup, what does the backup configuration contain? (Choose two.)

AGenerated reports

BDevice list

CAuthorized devices logs

DSystem information

Answer : B, D

https://help.fortinet.com/fa/cli-olh/5-6-5/Content/Document/1400_execute/backup.htm

Question 6

What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?

AA FortiGate ADOM

BThe FortiGate serial number

CA pre-shared key

DValid FortiAnalyzer credentials

Answer : D

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 93: The fourth method uses the Fortinet Security Fabric authorization process. This method requires that both FortiGate and FortiAnalyzer are running version 7.0.1 or higher. It is also required that the FortiGate administrator has valid credentials to log in on FortiAnalyzer and complete the registration.

https://docs.fortinet.com/document/fortianalyzer/7.2.1/administration-guide/13897/adding-a-fortigate-using-security-fabric-authorization

Question 7

If you upgrade your FortiAnalyzer firmware, what report elements can be affected?

AOutput profiles

BReport settings

CReport scheduling

DCustom datasets

Answer : D

Fortinet NSE 5 - FortiAnalyzer 7.2 NSE5_FAZ-7.2 Exam Questions