NSE5_FAZ-7.2 Exam Dumps - Fortinet NSE 5 - FortiAnalyzer 7.2

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Configure# set resolve-ip enablein the system FortiView settings

Configure local DNS servers on FortiAnalyzer

Resolve IP addresses on FortiGate

The log file is stored as a raw log and is available for analytic support.

The log file rolls over and is archived.

The log file is purged from the database.

The log file is overwritten.

It creates a wildcard administrator using LDAP and RADIUS servers.

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

It allows administrators to use two-factor authentication.

It sorts log data into tables

It extracts the database schema

It retrieves log data from the database

It injects log data into the database

Ten events will be added.

No events will be added.

Five events will be added.

Thirteen events will be added.

Management extensions do not require additional licenses.

Management extensions allow FortiAnalyzer to act as a ForbSIEM supervisor.

Management extensions require a dedicated VM for best performance.

Management extensions may require a minimum number of CPU cores to run.

CPU resources are too high

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

The total disk space is insufficient and you need to add other disk

The ADOM disk quota is set too low, based on log rates

Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.

Make sure all endpoints are reachable by FortiAnalyzer.

Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.

Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

The security risk was blocked or dropped.

The security event risk is considered open.

An incident was created from this event.

The risk source is isolated.

Notifications can be sent only when an incident is created or deleted.

You must configure an output profile to send notifications by email.

Each incident can send notifications to a single external platform.

Each connector used can have different notification settings.

RADIUS

Local

LDAP

PKI

TACACS+

Output profile

Report scheduling

SFTP server

SNMP server

To reset the disk quota enforcement to default

To remove the analytics logs of the device from the old database

To migrate the archive logs to the new ADOM

To populate the new ADOM with analytical logs for the moved device, so you can run reports

FortiAnalyzer is in an HA cluster.

ADOM mode should be set to advanced, in order to register the FortiClient EMS device.

ADOMs are not enabled on FortiAnalyzer.

A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.

To store playbook execution statistics

To use the output of the previous task as the input of the current task

To display details of the connectors used by a playbook

To save all the task settings when a playbook is exported

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

FortiAnalyzer flags the associated host for further analysis.

A new Infected entry is added for the corresponding endpoint.

The detection engine classifies those logs as Suspicious

The total disk space is insufficient and you need to add other disk.

CPU resources are too high.

The ADOM disk quota is set too low based on log rates.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

logfiled

sqlplugind

oftpd

miglogd

To display statistics about the playbook runtime

To use information from the trigger to filter the action in a task

To provide the trigger information to make the playbook start running

To store the start times of playbooks with On_Schedule triggers

They determine what data is retrieved from the database.

They provide the layout used for reports.

They are used to set the data included in templates.

They define the chart types to be used in reports.

The configured IP address is checked first.

The active port number is checked first.

The firmware version is checked first.

The configured priority is checked first

Allows you to manage the entire life cycle of a threat or breach.

Its use of the available disk space is capped at 50%.

It requires a licensed FortiSIEM supervisor.

It can be installed as a dedicated VM.

Forwarded logs cannot be filtered to match specific criteria.

Logs are forwarded in real-time only.

The client retains a local copy of the logs after forwarding.

You can use aggregation mode only with another FortiAnalyzer.

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

A FortiGate ADOM

The FortiGate serial number

A pre-shared key

Valid FortiAnalyzer credentials

To reduce report generation time

To automatically update the hcache when new logs arrive

To reduce the log insert lag rate

To provide diagnostics on report generation time

FortiAnalyzer resets the disk quota of the new ADOM to default.

FortiAnalyzer migrates archive logs to the new ADOM.

FortiAnalyzer migrates analytics logs to the new ADOM.

FortiAnalyzer removes logs from the old ADOM.

Running

Failed

Upstream_failed

Success

FortiAnalyzer is dropping logs.

FortiAnalyzer is indexing logs faster than logs are being received.

FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.

The sqlplugind daemon is ahead in indexing by one log.

Custom datasets

Report scheduling

Report settings

Output profiles

Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more efficient than third-party information from the FortiAnalyzer API.

Fabric connectors allow to save storage costs and improve redundancy.

Storage connector service does not require a separate license to send logs to cloud platform.

Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3, Azure Blob , and Google Cloud.

From the VM host manager, add an additional virtual disk and use the #execute lvm extend command to expand the storage

From the VM host manager, expand the size of the existing virtual disk

From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk

From the VM host manager, add an additional virtual disk and rebuild your RAID array

You enabled auto-cache with extended log filtering.

The logfiled service has not indexed all the expected logs.

The logs were overwritten by the data retention policy.

The time frame selected in the report is wrong.

Logs that reached a specific size and were rolled over

Logs that can be used to create reports

Logs that can be viewed using Log Browse

Logs that are saved to disk, compressed, and available in FortiView

The size of newly generated reports is optimized to conserve disk space.

FortiAnalyzer local cache is used to store generated reports.

When new logs are received, the hard-cache data is updated automatically.

The generation time for reports is decreased.

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto-negotiated.

Must establish an IPsec tunnel ID and pre-shared key.

IPsec cannot be enabled if SSL is enabled as well.

IPsec is only enabled through the CLI on FortiAnalyzer.

Generated reports

Device list

Authorized devices logs

System information