Fortinet NSE6_FAZ-7.2 Fortinet NSE 6 - FortiAnalyzer 7.2 Administrator Exam Practice Test

Page: 1 / 14
Total 30 questions
Question 1

Which command can you use to find the IP addresses of the devices sending logs to FortiAnalyzer?



Answer : A

The command diagnose debug application oftpd 8 is used to obtain detailed debug output for the OFTP (Over the FortiGate Protocol) daemon on FortiAnalyzer. This protocol is responsible for the communication and log transfer between FortiGate devices and FortiAnalyzer. By using this debug level, administrators can find information including the IP addresses of devices that are sending logs to FortiAnalyzer. Reference: FortiOS 7.4.1 Administration Guide, 'Diagnostic commands' section.


Question 2

Which two methods can you use to restrict administrative access on FortiAnalyzer? (Choose two.)



Answer : A, B

To restrict administrative access on FortiAnalyzer, two effective methods are using administrator profiles and configuring trusted hosts. Administrator profiles allow for defining the level of access and permissions for different administrators, controlling what each administrator can see and do within the FortiAnalyzer unit. Configuring trusted hosts enhances security by limiting administrative access to specified IP addresses, ensuring that administrators can only connect from approved locations or networks, thus preventing unauthorized access from outside specified subnets or IP addresses. Reference: FortiAnalyzer 7.4.1 Administration Guide, 'Administrators' and 'Trusted hosts' sections.


Question 3

Which process caches logs on FortiGate when FortiAnalyzer is not readable?



Answer : A

The process logfiled in FortiGate units with an SSD disk is responsible for buffering logs when FortiAnalyzer is unreachable. If the connection to FortiAnalyzer is lost and the memory log buffer is full, logfiled allows logs to be buffered on disk. These logs are then sent to FortiAnalyzer once the connection is restored. This reliable logging mechanism ensures that logs are not lost during periods when FortiAnalyzer is not reachable, thereby maintaining log integrity and continuity. Reference: FortiOS 7.4.1 Administration Guide, 'Log Buffering' and 'Reliable Logging' sections.


Question 4

A rogue administrator was accessing FortiAnalyzer without permission.

Where can you view the activities that the rogue administrator performed on FortiAnalyzer?



Answer : A

To monitor the activities performed by any administrator, including a rogue one, on the FortiAnalyzer, you should use the FortiView feature. FortiView provides a comprehensive overview of the activities and events happening within the FortiAnalyzer environment, including administrator actions, making it the appropriate tool for tracking unauthorized or suspicious activities. Reference: FortiAnalyzer 7.4.1 Administration Guide, 'System Settings > Fabric Management' section.


Question 5

Which two statements are true regarding FortiAnalyzer system backups? (Choose two.)



Answer : A, D

FortiAnalyzer allows for the inclusion of existing reports in the backup files, providing a comprehensive backup of configurations and data. Additionally, the backup files can be configured to be uploaded to SCP and SFTP servers, ensuring secure transfer and offsite storage of backup data. This can be configured both in the GUI and the CLI, providing flexibility in how backups are scheduled and managed. Reference: FortiAnalyzer 7.4.1 Administration Guide, 'Scheduling automatic backups' section.


Question 6

What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?



Answer : B

In systems that support hardware RAID, hot swapping allows for the replacement of a failed disk without shutting down the system. This capability is crucial for maintaining uptime and ensuring data redundancy and availability, especially in critical environments. The RAID controller rebuilds the data on the new disk using redundancy data from the other disks in the array, ensuring no data loss and minimal impact on system performance.

In the context of a FortiAnalyzer unit equipped with hardware RAID support, the optimal approach to addressing a hard disk failure is to perform a hot swap of the disk. Hardware RAID configurations are designed to provide redundancy and fault tolerance, allowing for the replacement of a failed disk without the need to shut down the system. Hot swapping enables the administrator to replace the faulty disk with a new one while the system is still running, and the RAID controller will rebuild the data on the new disk, restoring the RAID array to its fully operational state. Reference: FortiAnalyzer 7.2 Administrator Guide - 'Hardware Maintenance' and 'RAID Management' sections.


Question 7

Which feature can you configure to add redundancy to FortiAnalyzer?



Answer : D

Link aggregation is a method used to combine multiple network connections in parallel to increase throughput and provide redundancy in case one of the links fail. This feature is used in network appliances, including FortiAnalyzer, to add redundancy to the network connections, ensuring that there is a backup path for traffic if the primary path becomes unavailable. Reference: The FortiAnalyzer 7.4.1 Administration Guide explains the concept of link aggregation and its relevance to


Page:    1 / 14   
Total 30 questions