
Fortinet NSE5_FAZ-7.2 Certification Exam Questions & Practice Tests, Fortinet NSE 5 FortiAnalyzer 7.2 | SPOTO

Prepare for success in the Fortinet NSE5_FAZ-7.2 NSE 5 - FortiAnalyzer 7.2 Analyst exam with SPOTO's comprehensive practice tests and exam resources. This certification evaluates your proficiency in FortiAnalyzer 7.2, a critical network security management and analytics tool. Access our high-quality practice tests, including free test samples and exam dumps, to enhance your understanding and readiness for the exam. Our exam questions and answers, coupled with detailed explanations and exam materials, provide a solid foundation for effective exam preparation. Leverage our exam simulator and online exam questions to simulate real exam scenarios and improve your exam performance. With SPOTO's mock exams and practice tests, you'll have the best material at your disposal to succeed in the NSE5_FAZ-7.2 exam and achieve your Fortinet certification goals.


Question #1
A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer. What can you do on FortiAnalyzer to accomplish this?
A. Click FortiView and generate a report for that administrator
B. Click Task Monitor and view the tasks performed by that administrator
C. Click Log View and generate a report for that administrator
D. View the tasks performed by the rogue administrator in Fabric View
Correct Answer: A

Question #2
The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device. What can be the reason for this failure?
A. FortiAnalyzer is in an HA cluster
B. ADOM mode should be set to advanced, in order to register the FortiClient EMS device
C. ADOMs are not enabled on FortiAnalyzer
D. A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device
Correct Answer: B

Question #3
What are analytics logs on FortiAnalyzer?
A. Log type Traffic logs
B. Logs that roll over when the log file reaches a specific size
C. Logs that are indexed and stored in the SQL
D. Raw logs that are compressed and saved to a log file
Correct Answer: A

Question #4
After generating a report, you notice the information you were expecting to see is not included in it. What are two possible reasons for this scenario? (Choose two.)
A. You enabled auto-cache with extended log filtering
B. The logfiled service has not indexed all the expected logs
C. The logs were overwritten by the data retention policy
D. The time frame selected in the report is wrong
Correct Answer: C

Question #5
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
A. Both modes, forwarding and aggregation, support encryption of logs between devices
B. In aggregation mode, you can forward logs to syslog and CEF servers as well
C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time
D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices
Correct Answer: A

Question #6
A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails. What will be the status of the playbook after it is run?
A. Running
B. Failed
C. Upstream_failed
D. Success
Correct Answer: A

Question #7
Which two statements express the advantages of grouping similar reports? (Choose two.)
A. Improve report completion time
B. Conserve disk space on FortiAnalyzer by grouping multiple similar reports
C. Reduce the number of hcache tables and improve auto-hcache completion time
D. Provides a better summary of reports
Correct Answer: A

Question #8
What is the purpose of trigger variables?
A. To display statistics about the playbook runtime
B. To use information from the trigger to filter the action in a task
C. To provide the trigger information to make the playbook start running
D. To store the start times of playbooks with On_Schedule triggers
Correct Answer: B

Question #9
What is Log Insert Lag Time on FortiAnalyzer?
A. The number of times in the logs where end users experienced slowness while accessing resources
B. The amount of lag time that occurs when the administrator is rebuilding the ADOM database
C. The amount of time that passes between the time a log was received and when it was in
D. The amount of time FortiAnalyzer takes to receive logs from a registered device
Correct Answer: C

Question #10
What FortiGate process caches logs when FortiAnalyzer is not reachable?
A. oftpd
B. miglogd
C. sqlplugind
D. logfiled
Correct Answer: B

Question #11
How are logs forwarded when FortiAnalyzer is using aggregation mode?
A. Logs and content files are stored and uploaded at a scheduled time
B. Logs and content files are forwarded as they are received
C. Logs are forwarded as they are received
D. Logs are forwarded as they are received and content files are uploaded at a scheduled time
Correct Answer: D

Question #12
What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?
A. The endpoint is marked as Compromised and
B. FortiAnalyzer flags the associated host for further analysis
C. A new Infected entry is added for the corresponding endpoint
D. The detection engine classifies those logs as Suspicious
Correct Answer: B

Question #13
Logs are being deleted from one of your ADOMs earlier than the configured setting for archiving in your data policy. What is the most likely problem?
A. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device
B. CPU resources are too high
C. The ADOM disk quota is set too low based on log rates
D. The total disk space is insufficient and you need to add other disk
Correct Answer: C

Question #14
How do you restrict an administrator’s access to a subset of your organization’s ADOMs?
A. Set the ADOM mode to Advanced
B. Configure trusted hosts
C. Assign the ADOMs to the administrator’s account
D. Assign the default Super_User administrator profile
Correct Answer: C

Question #15
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
A. You can export only one playbook at a time
B. You can import a playbook even if there is another one with the same name in the destination
C. Playbooks can be exported and imported only within the same FortiAnalyzer
D. A playbook that was disabled when it was exported, will be disabled when it is imported
Correct Answer: C

Question #16
What can you do on FortiAnalyzer to restrict administrative access from specific locations?
A. Configure trusted hosts for that administrator
B. Enable geo-location services on accessible interface
C. Configure two-factor authentication with a remote RADIUS server
D. Configure an ADOM for respective location
Correct Answer: A

Question #17
What is the purpose of using the Chart Builder feature on FortiAnalyzer?
A. To add a new chart under FortiView to be used in new reports
B. To build a dataset and chart automatically, based on the filtered search results
C. To add charts directly to generate reports in the current ADOM
D. To build a chart automatically based on the top 100 log entries
Correct Answer: D

Question #18
Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)
A. FortiAnalyzer HA can function without VRRP
B. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings
C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector
D. FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud
Correct Answer: C

Question #19
The exhibit shows "remoteservergroup" is an authentication server group with LDAP and RADIUS servers. Which two statements express the significance of enabling "Match all users on remote server" when configuring a new administrator? (Choose two.)
A. It creates a wildcard administrator using LDAP and RADIUS servers
B. Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS
C. User remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at any time
D. It allows administrators to use two-factor authentication
Correct Answer: A

Question #20
Which statement about the FortiSIEM management extension is correct?
A. Allows you to manage the entire life cycle of a threat or breach
B. Its use of the available disk space is capped at 50%
C. It requires a licensed FortiSIEM supervisor
D. It can be installed as a dedicated VM
Correct Answer: C

Question #21
In FortiAnalyzer’s FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?
A. Configure # set resolve-ip enable in the system FortiView settings
B. Resolve IPs on FortiGate
C. Configure local DNS servers on FortiAnalyzer
D. Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve
Correct Answer: A

Question #22
Why run the command diagnose sql status sqlplugind?
A. To list the current SQL processes running
B. To check what is the database log insertion status
C. To display the SQL query connections and hcache status
D. To view the current hcache size
Correct Answer: C

Question #23
What is the purpose of using prefilters when configuring event handlers?
A. They limit which logs are checked for matches by the other filters
B. They can filter the logs before they are processed by FortiAnalyzer
C. They download new filters to be used in event handlers
D. They are common filters applied simultaneously to all event handlers
Correct Answer: B

Question #24
Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?
A. FortiAnalyzer1 and FortiAnalyzer3
B. FortiAnalyzer1 and FortiAnalyzer2
C. All devices listed can be members
D. FortiAnalyzer2 and FortiAnalyzer3
Correct Answer: A

Question #25
View the exhibit. Why is the total quota less than the total system storage?
A. The oftpd process has not archived the logs yet
B. The logfiled process is just estimating the total quota
C. Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files
D. 3
Correct Answer: B

Question #26
An administrator, fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mail server that can be used to send email. What could be the problem?
A. Fortinet is assigned the Standard_User administrator profile
B. A trusted host is configured
C. ADOM mode is configured with Advanced mode
D. Fortinet is assigned the Restricted_User administrator profile
Correct Answer: A

Question #27
Which statement is true regarding Macros on FortiAnalyzer?
A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM
B. Macros are supported only on the FortiGate ADOM
C. Macros are useful in generating excel log files automatically based on the reports settings
D. Macros are predefined templates for reports and cannot be customized
Correct Answer: A

Question #28
Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)
A. System information
B. Logs from registered devices
C. Report information
D. Database snapshot
Correct Answer: A

Question #29
FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?
A. To prevent log modification during backup
B. To send an identical set of logs to a second logging server
C. To encrypt log communication between devices
D. To upload logs to a SFTP server
Correct Answer: B

Question #30
An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1. What should the administrator do to solve this issue?
A. Use the execute sql-local rebuild-db command to rebuild all ADOM databases
B. Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database
C. Use the execute sql-report run ADOM1 command to run a report
D. Use the execute sql-local rebuild-adom root command to rebuild the ADOM database
Correct Answer: B

Question #31
Which statement about sending notifications with incident updates is true?
A. Notifications can be sent only when an incident is created or deleted
B. You must configure an output profile to send notifications by email
C. Each incident can send notifications to a single external platform
D. Each connector used can have different notification settings
Correct Answer: B

Question #32
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?
A. Report settings
B. Report scheduling
C. Output profiles
D. Custom datasets
Correct Answer: C

Question #33
What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server? (Choose two.)
A. Report scheduling
B. Output profile
C. SFTP, FTP, or SCP server
D. Mail server
Correct Answer: C

Question #34
Which two statements are true regarding ADOM modes? (Choose two.)
A. You can only change ADOM modes through CLI
B. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM
C. In an advanced mode ADOM
D. Normal mode is the default ADOM mode
Correct Answer: C

Question #35
What can the CLI command # diagnose test application oftpd 3 help you to determine?
A. What logs, if any, are reaching FortiAnalyzer
B. What ADOMs are enabled and configured
C. What devices and IP addresses are connecting to FortiAnalyzer
D. What devices are registered and unregistered
Correct Answer: C

Question #36
What is the purpose of the following CLI command?
A. To add the MD5’s hash value and authentication code
B. To encrypt log communications
C. To add a unique tag to each log to prove that it came from this FortiAnalyzer
D. To add a log file checksum
Correct Answer: A

Question #37
Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
A. Report size will be optimized to conserve disk space on FortiAnalyzer
B. Reports will be cached in the memory
C. This feature is automatically enabled for scheduled reports
D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets
Correct Answer: C

Question #38
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
A. Use DNS
B. Use host name resolution
C. Use an NTP server
D. Use real-time forwarding
Correct Answer: A

Question #39
An administrator has moved FortiGate A from the root ADOM to ADOM1. Which two statements are true regarding logs? (Choose two.)
A. Analytics logs will be moved to ADOM1 from the root ADOM automatically
B. Archived logs will be moved to ADOM1 from the root ADOM automatically
C. Logs will be presented in both ADOMs immediately after the move
D. Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database
Correct Answer: B

Question #40
What FortiView tool can you use to automatically build a dataset and chart based on a filtered search result?
A. Chart Builder
B. Dataset Library
C. Custom View
D. Export to Report Chart
Correct Answer: A

Question #41
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)
A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer
B. Make sure all endpoints are reachable by FortiAnalyzer
C. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device
D. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date
Correct Answer: B

Question #42
View the exhibit. What does the 1000 MB maximum for disk utilization refer to?
A. The disk quota for each device in the ADOM
B. The disk quota for the ADOM type
C. The disk quota for all devices in the ADOM
D. The disk quota for the FortiAnalyzer model
Correct Answer: BC
