Fortinet NSE6_FAZ-7.2 Exam Questions Instant Access

Question 1

In a Fortinet Security Fabric, what can make an upstream FortiGate create traffic logs associated with sessions initiated on downstream FortiGate devices?

AThe traffic destination is another FoitiGate in the fabric.

BLog redundancy is configured in the fabric.

CThe upstream FortiGate is configured to do NAT.

DThe downstream device cannot connect to FortiAnalyzer.

Answer : D

In a Fortinet Security Fabric, an upstream FortiGate may create traffic logs for sessions initiated on downstream FortiGate devices if the downstream device is unable to connect to FortiAnalyzer. This allows for continuity of logging and ensures that session logs are captured and stored even if the downstream device loses its connection to the log management system. Reference: FortiAnalyzer 7.4.1 Administration Guide, 'Fortinet Security Fabric' section.

Question 2

An administrator has configured the following settings:

What is the purpose of executing these commands?

ATo record the hash value and authentication code of log files.

BTo encrypt log transfer between FortiAnalyzer and other devices.

CTo verify the integrity of the log files received.

DTo create the secure channel used by the OFTP process.

Answer : C

The purpose of executing the provided CLI commands, which include setting the log-checksum to md5-auth, is to ensure the integrity of the log files. This setting is used to record the MD5 hash value of log files, which is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. By using MD5 authentication, FortiAnalyzer ensures that the log files have not been altered or tampered with during transit, thereby verifying their integrity upon receipt. This is not related to encrypting log transfers, scheduling reports, or creating secure channels for OFTP (Over-the-FortiGate Protocol) processes.

Question 3

Which two statements are true regarding fabric connectors? (Choose two.)

AUsing fabric connectors is more efficient than third-party polling information from the FortiAnalyzer API

BCloud-out connectors allow you to send real-time logs to public cloud accounts like Amazon S3.

CFabric connectors allow you to save storage costs and improve redundancy.

DThe storage connector service does not require a separate license to send logs to the cloud platform.

Answer : A, D

Fabric connectors in FortiAnalyzer, such as security fabric connectors (e.g., FortiClient EMS, FortiMail, FortiCASB) and storage connectors (e.g., Amazon S3, Azure Blob Container, Google Cloud Storage), provide efficient integration and data sharing capabilities. Using fabric connectors for direct integration with FortiAnalyzer is more efficient and reliable than relying on third-party applications to poll information through the FortiAnalyzer API. Additionally, the ability to send logs to cloud storage platforms like Amazon S3, Azure Blob, and Google Cloud directly through storage connectors is a built-in feature that does not require an additional license, thus saving on storage costs and improving redundancy without incurring extra licensing fees. Reference: FortiAnalyzer 7.4.1 Administration Guide, 'Fabric Connectors' and 'Storage connectors' sections.

Question 4

A rogue administrator was accessing FortiAnalyzer without permission.

Where can you view the activities that the rogue administrator performed on FortiAnalyzer?

AFortiView

BFabric View

CLog View

DSystem Settings

Answer : A

To monitor the activities performed by any administrator, including a rogue one, on the FortiAnalyzer, you should use the FortiView feature. FortiView provides a comprehensive overview of the activities and events happening within the FortiAnalyzer environment, including administrator actions, making it the appropriate tool for tracking unauthorized or suspicious activities. Reference: FortiAnalyzer 7.4.1 Administration Guide, 'System Settings > Fabric Management' section.

Question 5

Which statement is true about ADOMs?

AWhen a FortiAnalyzer Fabric is implemented, the default ADOM mode is set to advanced.

BA fabric ADOM can include all the device types supported by FortiAnalyzer.

CYou can change the ADOM mode only through the GUI.

DIn normal mode, you cannot change the disk quota of the ADOM after its creation.

Answer : B

Regarding ADOMs (Administrative Domains) in FortiAnalyzer, a fabric ADOM is capable of including all device types that FortiAnalyzer supports. This is part of the flexibility offered by ADOMs to manage and report on logs from various devices within a Fortinet security fabric. ADOMs can be enabled to support non-FortiGate devices as well, and the root ADOM in Fabric ADOMs provides visibility into all Security Fabric devices. Additionally, it should be noted that in normal mode, you cannot assign different FortiGate VDOMs to different ADOMs, while in advanced mode, you can, which provides a more granular control over the log data from individual VDOMs. Reference: FortiAnalyzer 7.4.1 Administration Guide, 'ADOMs' and 'ADOM device modes' sections.

Question 6

Which statement is true about using aggregation mode on FortiAnalyzer?

AAggregation mode supports log filters.

BAggregation mode can work with syslog servers.

CIn aggregation mode, logs and content files are forwarded in real time.

DAggregation mode can be configured only on the CLI.

Answer : B

In aggregation mode, FortiAnalyzer stores logs received from devices and forwards them at a specified time each day to avoid duplication. It is specifically designed to work between two FortiAnalyzer units and does not support syslog or CEF servers. Additionally, aggregation mode configurations are limited to CLI commands log-forward and log-forward-service. Reference: FortiAnalyzer 7.2 Administrator Guide, 'Aggregation' and 'CLI Commands for Aggregation Mode' sections.

Question 7

Which two statements are true regarding the log synchronization states for HA on FortiAnalyzer? (Choose two.)

ALog Data Sync provides real-time log synchronization to all backup devices.

BWhen Log Data Sync is turned on, the backup device reboots and then rebuilds the log database with the synchronized logs.

CWith Initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.

DBy default. Log Data Sync is disabled on all backup devices.

Answer : A, C

For HA on FortiAnalyzer, Log Data Sync ensures real-time log synchronization among all cluster members, including backup devices. This feature is enabled by default. The Initial Logs Sync state is triggered when a new unit is added to an HA cluster, where the primary unit synchronizes its logs with the newly added unit. After the initial synchronization, the secondary unit reboots and rebuilds its log database with the synchronized logs. Reference: FortiAnalyzer 7.2 Administrator Guide, 'Log synchronization' section.

Fortinet NSE 6 - FortiAnalyzer 7.2 Administrator NSE6_FAZ-7.2 Exam Questions