Fortinet NSE5_FAZ-7.2 Exam Practice Test Instant Access

Question 1

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

AThe endpoint is marked as Compromised and. optionally, can be put in quarantine.

BFortiAnalyzer flags the associated host for further analysis.

CA new Infected entry is added for the corresponding endpoint.

DThe detection engine classifies those logs as Suspicious

Answer : A

Question 2

What statements are true regarding disk log quota? (Choose two)

AThe FortiAnalyzer stops logging once the disk log quota is met.

BThe FortiAnalyzer automatically sets the disk log quota based on the device.

CThe FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

DThe FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Answer : C, D

Question 3

Refer to the exhibit.

Which image corresponds to the packet capture shown in the exhibit?

AOption A

BOption B

COption C

DOption D

Answer : C

Question 4

What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?

AA FortiGate ADOM

BThe FortiGate serial number

CA pre-shared key

DValid FortiAnalyzer credentials

Answer : D

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 93: The fourth method uses the Fortinet Security Fabric authorization process. This method requires that both FortiGate and FortiAnalyzer are running version 7.0.1 or higher. It is also required that the FortiGate administrator has valid credentials to log in on FortiAnalyzer and complete the registration.

https://docs.fortinet.com/document/fortianalyzer/7.2.1/administration-guide/13897/adding-a-fortigate-using-security-fabric-authorization

Question 5

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

ABoth modes, forwarding and aggregation, support encryption of logs between devices.

BIn aggregation mode, you can forward logs to syslog and CEF servers as well.

CAggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

DForwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Answer : A, C

A) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 148: The log communication between devices can be protected by encryption, with the desired encryption level, using the commands shown on the slide. (You need to interpret this. 'Real time' and 'aggregation' is about the 'moment' when Fortigate sends the logs. However, no matter the moment, Fortigate will upload logs encrypted or unencrypted based on previous / differente config).

C) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: Aggregation: Logs and content files stored and uploaded at scheduled time.

Question 6

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

AA local wildcard administrator account

BA remote LDAP server

CA trusted host profile that restricts access to the LDAP group

DAn administrator group

Answer : A, B

Question 7

For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered

devices should:

AUse DNS

BUse host name resolution

CUse real-time forwarding

DUse an NTP server

Answer : D

Fortinet NSE5_FAZ-7.2 Fortinet NSE 5 - FortiAnalyzer 7.2 Exam Practice Test