Fortinet NSE5_FAZ-7.2 Exam Practice Test Instant Access

Question 1

Which statement about the FortiSIEM management extension is correct?

AAllows you to manage the entire life cycle of a threat or breach.

BIts use of the available disk space is capped at 50%.

CIt requires a licensed FortiSIEM supervisor.

DIt can be installed as a dedicated VM.

Answer : A

Question 2

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

AThe endpoint is marked as Compromised and. optionally, can be put in quarantine.

BFortiAnalyzer flags the associated host for further analysis.

CA new Infected entry is added for the corresponding endpoint.

DThe detection engine classifies those logs as Suspicious

Answer : A

Question 3

Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

ATo add a new chart under FortiView to be used in new reports

BTo build a dataset and chart automatically, based on the filtered search results

CTo add charts directly to generate reports in the current ADOM

DTo build a chart automatically based on the top 100 log entries

Answer : B

Question 4

How can you attach a report to an incident?

ABy attaching it to an event handler alert

BBy editing the settings of the desired report

CFrom the properties of an existing incident

DSaving it in JSON format, and then importing it

Answer : C

Question 5

Why must you wait for several minutes before you run a playbook that you just created?

AFortiAnalyzer needs that time to parse the new playbook.

BFortiAnalyzer needs that time to back up the current playbooks.

CFortiAnalyzer needs that time to ensure there are no other playbooks running.

DFortiAnalyzer needs that time to debug the new playbook.

Answer : A

Question 6

Which two statements are correct regarding the export and import of playbooks? (Choose two.)

AYou can export only one playbook at a time.

BYou can import a playbook even if there is another one with the same name in the destination.

CPlaybooks can be exported and imported only within the same FortiAnaryzer.

DA playbook that was disabled when it was exported, will be disabled when it is imported.
If the imported playbook has the same name as an existing one, FortiAnalyzer will create a new name that includes a timestamp to avoid conflicts.
Playbooks are imported with the same status they had (enabled or disabled) when they were exported.
Playbooks set to run automatically should be exported while they are disabled to avoid unintended runs on the destination.

Answer : B, D

Question 7

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)

ASystem information

BLogs from registered devices

CReport information

DDatabase snapshot

Answer : A, C

What does the System Configuration backup include?

System information, such as the device IP address and administrative user information.

Device list, such as any devices you configured to allow log access.

Report information, such as any configured report settings, as well as all your custom report details. These are not the actual reports.

FortiAnalyzer_7.0_Study_Guide-Online pag. 29

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 29: What does the System Configuration backup include?

* System information, such as the device IP address and administrative user information

* Device list, such as any devices you configured to allow log access

* Report information, such as any configured report settings, as well as all your custom report details. These are not the actual reports.

Fortinet NSE5_FAZ-7.2 Fortinet NSE 5 - FortiAnalyzer 7.2 Exam Practice Test