
Efficient Fortinet Exam Preparation with Latest NSE5_FAZ-7.2 Exam Questions

Preparing for the Fortinet NSE5_FAZ-7.2 exam can be a challenging endeavor, but with the right resources from SPOTO, you can increase your chances of passing successfully. SPOTO offers a comprehensive range of exam preparation materials, including exam questions and answers, test questions, and mock exams that closely simulate the real exam environment. Their study materials are meticulously crafted by industry experts, ensuring you have access to the most up-to-date and relevant information. With SPOTO's exam questions, you can identify your strengths and weaknesses, allowing you to focus your efforts on areas that require more attention. Additionally, their mock exams provide a valuable opportunity to practice and gain confidence in a simulated exam setting. By leveraging SPOTO's exam resources, study materials, and practice tests, you can equip yourself with the knowledge and skills necessary to ace the NSE5_FAZ-7.2 exam and validate your expertise in configuring and managing Fortinet's FortiAnalyzer solution.

Question #1
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
A. Antivirus logs
B. Web filter logs
C. IPS logs
D. Application control logs
Correct Answer: B
Question #2
You've moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?
A. FortiAnalyzer resets the disk quota of the new ADOM to default
B. FortiAnalyzer migrates archive logs to the new ADOM
C. FortiAnalyzer migrates analytics logs to the new ADOM
D. FortiAnalyzer removes logs from the old ADOM
Correct Answer: C
Question #3
How do you restrict an administrator’s access to a subset of your organization’s ADOMs?
A. Set the ADOM mode to Advanced
B. Assign the ADOMs to the administrator’s account
C. Configure trusted hosts
D. Assign the default Super_User administrator profile
Correct Answer: B
Question #4
FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days. What is the most likely problem?
A. Quota enforcement is acting on analytical data before a report is complete
B. Logs are rolling before the report is run
C. CPU resources are too high
D. Disk utilization for archive logs is set for 15 days
Correct Answer: B
Question #5
Which two statements are true regarding ADOM modes? (Choose two.)
A. Use the execute sql-local rebuild-db command to rebuild all ADOM databases
B. Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database
C. Use the execute sql-report run ADOM1 command to run a report
D. Use the execute sql-local rebuild-adom root command to rebuild the ADOM database
Correct Answer: CD
Question #6
What is the recommended method of expanding disk space on a FortiAnalyzer VM?
A. From the VM host manager, add an additional virtual disk and use the # execute lvm extend command to expand the storage
B. From the VM host manager, expand the size of the existing virtual disk
C. From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk
D. From the VM host manager, add an additional virtual disk and rebuild your RAID array
Correct Answer: A
Question #7
What is the purpose of trigger variables?
A. To display statistics about the playbook runtime
B. To use information from the trigger to filter the action in a task
C. To provide the trigger information to make the playbook start running
D. To store the start times of playbooks with On_Schedule triggers
Correct Answer: B
Question #8
A playbook contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed. What will be the status of the playbook after its execution?
A. Failed
B. Success
C. Upstream_failed
D. Running
Correct Answer: B
Question #9
Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)
A. logfiled
B. oftpd
C. sqlplugind
D. miglogd
Correct Answer: BC
Question #10
Which two statements are true regarding the outbreak detection service? (Choose two.)
A. New alerts are received by email
B. Outbreak alerts are available on the root ADOM only
C. An additional license is required
D. It automatically downloads new event handlers and reports
Correct Answer: CD
Question #11
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
A. Use DNS
B. Use host name resolution
C. Use real-time forwarding
D. Use an NTP server
Correct Answer: D
Question #12
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM
B. Macros are supported only on the FortiGate ADOM
C. Macros are useful in generating excel log files automatically based on the reports settings
D. Macros are predefined templates for reports and cannot be customized
Correct Answer: AC
Question #13
What is the purpose of the following CLI command?
A. To add a log file checksum
B. To add the MD5 hash value and authentication code
C. To add a unique tag to each log to prove that it came from this FortiAnalyzer
D. To encrypt log communications
Correct Answer: A
Question #14
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
A. Use DNS
B. Use host name resolution
C. Use real-time forwarding
D. Use an NTP server
Correct Answer: D
Question #15
Which statements are correct regarding FortiAnalyzer reports? (Choose two)
A. FortiView
B. Event Management
C. Device Manager
D. Reporting
Correct Answer: AB
Question #16
What is the purpose of employing RAID with FortiAnalyzer?
A. To introduce redundancy to your log data
B. To provide data separation between ADOMs
C. To separate analytical and archive data
D. To back up your logs
Correct Answer: A
Question #17
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command? execute sql-local rebuild-adom
A. To reset the disk quota enforcement to default
B. To migrate the archive logs to the new ADOM
C. To remove the analytics logs of the device from the old database
D. To populate the new ADOM with analytical logs for the moved device, so you can run reports
Correct Answer: D
Question #18
What is the recommended method of expanding disk space on a FortiAnalyzer VM?
A. From the VM host manager, add an additional virtual disk and use the # execute lvm extend command to expand the storage
B. From the VM host manager, expand the size of the existing virtual disk
C. From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk
D. From the VM host manager, add an additional virtual disk and rebuild your RAID array
Correct Answer: A
Question #19
In FortiAnalyzer’s FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?
A. Configure local DNS servers on FortiAnalyzer
B. Resolve IPs on FortiGate
C. Configure # set resolve-ip enable in the system FortiView settings
D. Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve
Correct Answer: B
Question #20
If you upgrade the FortiAnalyzer firmware, which report element can be affected?
A. Custom datasets
B. Report scheduling
C. Report settings
D. Output profiles
Correct Answer: A
Question #21
Logs are being deleted from one of your ADOMs earlier than the configured setting for archiving in your data policy. What is the most likely problem?
A. The total disk space is insufficient and you need to add other disk
B. CPU resources are too high
C. The ADOM disk quota is set too low based on log rates
D. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device
Correct Answer: C
Question #22
How can you configure FortiAnalyzer to permit administrator logins from only specific locations?
A. Use static routes
B. Use administrative profiles
C. Use trusted hosts
D. Use secure protocols
Correct Answer: C
Question #23
What is the purpose of output variables?
A. To display details of the connectors used by a playbook
B. To store playbook execution statistics
C. To save all the task settings when a playbook is exported
D. To use the output of the previous task as the input of the current task
Correct Answer: D
Question #24
View the exhibit. Why is the total quota less than the total system storage?
A.
B. Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files
C. The oftpd process has not archived the logs yet
D. The logfiled process is just estimating the total quota
Correct Answer: B
Question #25
Refer to the exhibits. How many events will be added to the incident created after running this playbook?
A. Thirteen events will be added
B. Five events will be added
C. No events will be added
D. Ten events will be added
Correct Answer: D
Question #26
For which two purposes would you use the command set log checksum? (Choose two.)
A. To prevent log modification or tampering
B. To send an identical set of logs to a second logging server
C. To encrypt log communications
D. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
Correct Answer: AD
Question #27
If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?
A. The firmware version is checked first
B. The active port number is checked first
C. The configured IP address is checked first
D. The configured priority is checked first
Correct Answer: D
Question #28
You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed. What is the recommended method to replace the disk?
A. FortiAnalyzer is ensuring that the parity data of a redundant drive is valid
B. FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state
C. FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant
D. FortiAnalyzer is functioning normally
Correct Answer: A
Question #29
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command? execute sql-local rebuild-adom
A. To reset the disk quota enforcement to default
B. To remove the analytics logs of the device from the old database
C. To migrate the archive logs to the new ADOM
D. To populate the new ADOM with analytical logs for the moved device, so you can run reports
Correct Answer: D
Question #30
You’ve moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?
A. FortiAnalyzer resets the disk quota of the new ADOM to default
B. FortiAnalyzer migrates archive logs to the new ADOM
C. FortiAnalyzer migrates analytics logs to the new ADOM
D. FortiAnalyzer removes logs from the old ADOM
Correct Answer: C
Question #31
In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?
A. Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
B. Configure # set resolve-ip enable in the system FortiView settings
C. Configure local DNS servers on FortiAnalyzer
D. Resolve IP addresses on FortiGate
Correct Answer: D
Question #32
How are logs forwarded when FortiAnalyzer is using aggregation mode?
A. Logs are forwarded as they are received and content files are uploaded at a scheduled time
B. Logs and content files are stored and uploaded at a scheduled time
C. Logs are forwarded as they are received
D. Logs and content files are forwarded as they are received
Correct Answer: B
Question #33
What FortiGate process caches logs when FortiAnalyzer is not reachable?
A. logfiled
B. sqlplugind
C. oftpd
D. miglogd
Correct Answer: D
Question #34
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?
A. The log file is stored as a raw log and is available for analytic support
B. The log file rolls over and is archived
C. The log file is purged from the database
D. The log file is overwritten
Correct Answer: B
Question #35
What are offline logs on FortiAnalyzer?
A. Use this command only if the source IP addresses are not resolved on FortiGate
B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer
C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer
D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer
Correct Answer: A
Question #36
You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?
A. FortiAnalyzer Event Handler
B. Incoming webhook
C. Fabric Connector event
D. FortiOS Event Log
Correct Answer: B
Question #37
On FortiAnalyzer, what is a wildcard administrator account?
A. An account that permits access to members of an LDAP group
B. An account that allows guest access with read-only privileges
C. An account that requires two-factor authentication
D. An account that validates against any user account on a FortiAuthenticator
Correct Answer: A
Question #38
What are two advantages of setting up fabric ADOM? (Choose two.)
A. It can be edited and modified as required
B. It specifies the report layout which contains predefined texts, charts, and macros
C. It specifies report settings which contains time period, device selection, and schedule
D. It contains predefined data to generate mock reports
Correct Answer: AC
Question #39
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command? execute sql-local rebuild-adom
A. To reset the disk quota enforcement to default
B. To remove the analytics logs of the device from the old database
C. To migrate the archive logs to the new ADOM
D. To populate the new ADOM with analytical logs for the moved device, so you can run reports
Correct Answer: D
Question #40
Refer to the exhibit. What does the data point at 12:20 indicate?
A. The performance of FortiAnalyzer is below the baseline
B. FortiAnalyzer is using its cache to avoid dropping logs
C. The log insert lag time is increasing
D. The sqlplugind service is caught up with new logs
Correct Answer: C
Question #41
Refer to the exhibit. Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
A. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets
B. This feature is automatically enabled for scheduled reports
C. Reports will be cached in the memory
D. Report size will be optimized to conserve disk space on FortiAnalyzer
Correct Answer: AD
Question #42
Which tabs do not appear when FortiAnalyzer is operating in Collector mode?
A. FortiAnalyzer overwrites the log files
B. FortiAnalyzer stops logging
C. FortiAnalyzer rolls the active log by renaming the file
D. FortiAnalyzer forwards logs to syslog
Correct Answer: B
Question #43
Which statement is true regarding Macros on FortiAnalyzer?
A. Macros are predefined templates for reports and cannot be customized
B. Macros are useful in generating excel log files automatically based on the report settings
C. Macros are supported only on the FortiGate ADOM
D. Macros are ADOM specific and each ADOM has unique macros relevant to that ADOM
Correct Answer: D
Question #44
What is the purpose of the following CLI command?
A. To add a log file checksum
B. To add the MD5 hash value and authentication code
C. To add a unique tag to each log to prove that it came from this FortiAnalyzer
D. To encrypt log communications
Correct Answer: A
Question #45
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)
A. To add a unique tag to each log to prove that it came from this FortiAnalyzer
B. To add the MD5 hash value and authentication code
C. To add a log file checksum
D. To encrypt log communications
Correct Answer: BD
Question #46
How do you restrict an administrator's access to a subset of your organization's ADOMs?
A. Set the ADOM mode to Advanced
B. Assign the ADOMs to the administrator's account
C. Configure trusted hosts
D. Assign the default Super_User administrator profile
Correct Answer: B
Question #47
How are logs forwarded when FortiAnalyzer is using aggregation mode?
A. Logs are forwarded as they are received and content files are uploaded at a scheduled time
B. Logs and content files are stored and uploaded at a scheduled time
C. Logs are forwarded as they are received
D. Logs and content files are forwarded as they are received
Correct Answer: B
Question #48
Refer to the exhibit. What does the data point at 14:55 tell you?
A. Shut down FortiAnalyzer and then replace the disk
B. Downgrade your RAID level, replace the disk, and then upgrade your RAID level
C. Clear all RAID alarms and replace the disk while FortiAnalyzer is still running
D. Perform a hot swap
Correct Answer: D
Question #49
On FortiAnalyzer, what is a wildcard administrator account?
A. An account that permits access to members of an LDAP group
B. An account that allows guest access with read-only privileges
C. An account that requires two-factor authentication
D. An account that validates against any user account on a FortiAuthenticator
Correct Answer: A
Question #50
How can you configure FortiAnalyzer to permit administrator logins from only specific locations?
A. Use static routes
B. Use administrative profiles
C. Use trusted hosts
D. Use secure protocols
Correct Answer: C
Question #51
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
A. FROM
B. LIMIT
C. WHERE
D. ORDER BY
Correct Answer: AB
Question #52
Which daemon is responsible for enforcing raw log file size?
A. This command records the log file MD5 hash value
B. This command records passwords in log files and encrypts them
C. This command encrypts log transfer between FortiAnalyzer and other devices
D. This command records the log file MD5 hash value and authentication code
Correct Answer: A
Question #53
What FortiView tool can you use to automatically build a dataset and chart based on a filtered search result?
A. Chart Builder
B. Export to Report Chart
C. Dataset Library
D. Custom View
Correct Answer: A
Question #54
What is the purpose of employing RAID with FortiAnalyzer?
A. To introduce redundancy to your log data
B. To provide data separation between ADOMs
C. To separate analytical and archive data
D. To back up your logs
Correct Answer: A
Question #55
You need to upgrade your FortiAnalyzer firmware. What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
A. FortiAnalyzer uses log fetching to retrieve the logs when back online
B. FortiGate uses the miglogd process to cache the logs
C. The logfiled process stores logs in offline mode
D. Logs are dropped
Correct Answer: B
Question #56
In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?
A. Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
B. Configure # set resolve-ip enable in the system FortiView settings
C. Configure local DNS servers on FortiAnalyzer
D. Resolve IP addresses on FortiGate
Correct Answer: D
Question #57
Which statement about sending notifications with incident updates is true?
A. Notifications can be sent only when an incident is created or deleted
B. You must configure an output profile to send notifications by email
C. Each incident can send notifications to a single external platform
D. Each connector used can have different notification settings
Correct Answer: D
Question #58
What are two benefits of using fabric connectors? (Choose two.)
A. They allow FortiAnalyzer to send logs in real-time to public cloud accounts
B. You do not need an additional license to send logs to the cloud platform
C. Fabric connectors allow you to improve redundancy
D. Using fabric connectors is more efficient than using third-party polling with API
Correct Answer: AC
Question #59
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?
A. SQL FROM statement
B. SQL GET statement
C. SQL SELECT statement
D. SQL EXTRACT statement
Correct Answer: D
Question #60
Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)
A. logfiled
B. oftpd
C. sqlplugind
D. miglogd
Correct Answer: BC
Question #61
What purposes does the auto-cache setting on reports serve? (Choose two.)
A. Output profiles
B. Report settings
C. Report scheduling
D. Custom datasets
Correct Answer: AB
Question #62
Which item must you configure on FortiAnalyzer to email generated reports automatically?
A. Output profile
B. Report scheduling
C. SFTP server
D. SNMP server
Correct Answer: A
Question #63
Which two purposes does the auto cache setting on reports serve? (Choose two.)
A. Compressed logs, which are also known as archive logs, are considered to be offline logs
B. When you restart FortiAnalyzer
C. Logs that are indexed and stored in the SQL database
D. Logs that are collected from offline devices after they boot up
Correct Answer: AD
