Pass the Fortinet NSE5 Exam Easily with Updated NSE5_FAZ-7.2 Practice Questions

When gearing up for the Fortinet NSE5_FAZ-7.2 exam, SPOTO's curated collection of exam questions and answers serves as a pivotal resource. These test questions are meticulously designed to mirror the actual exam, providing you with a hands-on experience that prepares you for what to expect on test day. Incorporating SPOTO's exam questions into your study regimen enables you to gauge your proficiency in various exam topics and identify areas that require further attention. Their comprehensive study materials complement the exam questions, offering in-depth coverage of key concepts and ensuring a thorough understanding of the exam syllabus. Furthermore, SPOTO's exam resources equip you with valuable strategies and tips to enhance your exam preparation and boost your confidence. Engaging in mock exams allows you to simulate exam conditions and practice time management, setting you up for success when it's time to pass the NSE5_FAZ-7.2 exam.

Question #1
Logs are being deleted from one of your ADOMs earlier than the configured setting for archiving in your data policy. What is the most likely problem?
A. The total disk space is insufficient and you need to add another disk
B. CPU resources are too high
C. The ADOM disk quota is set too low based on log rates
D. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device
Correct Answer: C
Question #2
What must you consider when using log fetching? (Choose two.)
A. The fetch client can retrieve logs from devices that are not added to its local Device Manager
B. You can use filters to include only logs from a single device
C. The fetching profile must include a user with the Super_User profile
D. The archive logs retrieved from the server become archive logs in the client
Correct Answer: AB
Question #3
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?
A. The log file is stored as a raw log and is available for analytic support
B. The log file rolls over and is archived
C. The log file is purged from the database
D. The log file is overwritten
Correct Answer: B
Question #4
What purposes does the auto-cache setting on reports serve? (Choose two.)
A. Output profiles
B. Report settings
C. Report scheduling
D. Custom datasets
Correct Answer: AB
Question #5
What FortiGate process caches logs when FortiAnalyzer is not reachable?
A. logfiled
B. sqlplugind
C. oftpd
D. miglogd
Correct Answer: D
Question #6
Which statement about the FortiSOAR management extension is correct?
A. It requires a FortiManager configured to manage FortiGate
B. It requires a dedicated FortiSOAR device or VM
C. It does not include a limited trial by default
D. It runs as a docker container on FortiAnalyzer
Correct Answer: D
Question #7
Refer to the exhibit. What is the purpose of using the Chart Builder feature on FortiAnalyzer?
A. To add a new chart under FortiView to be used in new reports
B. To build a dataset and chart automatically, based on the filtered search results
C. To add charts directly to generate reports in the current ADOM
D. To build a chart automatically based on the top 100 log entries
Correct Answer: B
Question #8
FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?
A. To upload logs to an SFTP server
B. To prevent log modification during backup
C. To send an identical set of logs to a second logging server
D. To encrypt log communication between devices
Correct Answer: D
Question #9
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
A. To properly correlate logs
B. To use real-time forwarding
C. To resolve host names
D. To improve DNS response times
Correct Answer: A
Question #10
What FortiView tool can you use to automatically build a dataset and chart based on a filtered search result?
A. Chart Builder
B. Export to Report Chart
C. Dataset Library
D. Custom View
Correct Answer: B
Question #11
You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed. What is the recommended method to replace the disk?
A. FortiAnalyzer is ensuring that the parity data of a redundant drive is valid
B. FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state
C. FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant
D. FortiAnalyzer is functioning normally
Correct Answer: A
Question #12
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
A. FROM
B. LIMIT
C. WHERE
D. ORDER BY
Correct Answer: AB
Question #13
Refer to the exhibit. The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster. What can you conclude from the configuration displayed?
A. This FortiAnalyzer will join to the existing HA cluster as the primary
B. This FortiAnalyzer is configured to receive logs in its port1
C. This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds
D. After joining to the cluster, this FortiAnalyzer will keep an updated log database
Correct Answer: D
Question #14
In FortiAnalyzer's FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?
A. Configure local DNS servers on FortiAnalyzer
B. Resolve IPs on FortiGate
C. Configure # set resolve-ip enable in the system FortiView settings
D. Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve
Correct Answer: B
Question #15
Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
A. The disk quota for the FortiAnalyzer model
B. The disk quota for all devices in the ADOM
C. The disk quota for each device in the ADOM
D. The disk quota for the ADOM type
Correct Answer: BD
Question #16
A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails. What will be the status of the playbook after it is run?
A. Running
B. Failed
C. Upstream_failed
D. Success
Correct Answer: B
Question #17
Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy. What is the most likely problem?
A. CPU resources are too high
B. Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
C. The total disk space is insufficient and you need to add another disk
D. The ADOM disk quota is set too low, based on log rates
Correct Answer: D
Question #18
What is the purpose of a dataset query in FortiAnalyzer?
A. It sorts log data into tables
B. It extracts the database schema
C. It retrieves log data from the database
D. It injects log data into the database
Correct Answer: C
Question #19
What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)
A. The size of newly generated reports is optimized to conserve disk space
B. FortiAnalyzer local cache is used to store generated reports
C. When new logs are received, the hard-cache data is updated automatically
D. The generation time for reports is decreased
Correct Answer: CD
Question #20
You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used. What does the disk quota refer to?
A. The maximum disk utilization for each device in the ADOM
B. The maximum disk utilization for the FortiAnalyzer model
C. The maximum disk utilization for the ADOM type
D. The maximum disk utilization for all devices in the ADOM
Correct Answer: D
Question #21
Which daemon is responsible for enforcing raw log file size?
A. This command records the log file MD5 hash value
B. This command records passwords in log files and encrypts them
C. This command encrypts log transfer between FortiAnalyzer and other devices
D. This command records the log file MD5 hash value and authentication code
Correct Answer: A
Question #22
Which statements are correct regarding FortiAnalyzer reports? (Choose two)
A. FortiView
B. Event Management
C. Device Manager
D. Reporting
Correct Answer: AB
Question #23
What can the CLI command # diagnose test application oftpd 3 help you to determine?
A. What devices and IP addresses are connecting to FortiAnalyzer
B. What logs, if any, are reaching FortiAnalyzer
C. What ADOMs are enabled and configured
D. What devices are registered and unregistered
Correct Answer: A
Question #24
FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?
A. To upload logs to an SFTP server
B. To prevent log modification during backup
C. To send an identical set of logs to a second logging server
D. To encrypt log communication between devices
Correct Answer: D
Question #25
Why run the command diagnose sql status sqlplugind?
A. To list the current SQL processes running
B. To check what is the database log insertion status
C. To display the SQL query connections and hcache status
D. To view the current hcache size
Correct Answer: C
Question #26
What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?
A. Log correlation
B. Host name resolution
C. Log collection
D. Real-time forwarding
Correct Answer: A
Question #27
If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the FortiAnalyzer back to functioning normally, without losing data?
A. Hot swap the disk
B. Replace the disk and rebuild the RAID manually
C. Take no action if the RAID level supports a failed disk
D. Shut down FortiAnalyzer and replace the disk
Correct Answer: D
Question #28
View the exhibit. What does the data point at 14:35 tell you?
A. FortiAnalyzer is dropping logs
B. FortiAnalyzer is indexing logs faster than logs are being received
C. FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed
D. The sqlplugind daemon is ahead in indexing by one log
Correct Answer: B
Question #29
Refer to the exhibit. What does the data point at 12.20 indicate?
A. The performance of FortiAnalyzer is below the baseline
B. FortiAnalyzer is using its cache to avoid dropping logs
C. The log insert lag time is increasing
D. The sqlplugind service is caught up with new logs
Correct Answer: C
Question #30
For which two purposes would you use the command set log checksum? (Choose two.)
A. The received rate is almost at its maximum for this device
B. The sqlplugind daemon is behind in log indexing by two logs
C. Logs are being dropped
D. Raw logs are reaching FortiAnalyzer faster than they can be indexed
Correct Answer: AB
Question #31
Which statement about the FortiSIEM management extension is correct?
A. Allows you to manage the entire life cycle of a threat or breach
B. Its use of the available disk space is capped at 50%
C. It requires a licensed FortiSIEM supervisor
D. It can be installed as a dedicated VM
Correct Answer: C
Question #32
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
A. Both modes, forwarding and aggregation, support encryption of logs between devices
B. In aggregation mode, you can forward logs to syslog and CEF servers as well
C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time
D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices
Correct Answer: BD
Question #33
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another FortiAnalyzer device?
A. Log upload
B. Indicators of Compromise
C. Log forwarding in aggregation mode
D. Log fetching
Correct Answer: D
Question #34
If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the FortiAnalyzer back to functioning normally, without losing data?
A. Hot swap the disk
B. Replace the disk and rebuild the RAID manually
C. Take no action if the RAID level supports a failed disk
D. Shut down FortiAnalyzer and replace the disk
Correct Answer: D
Question #35
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
A. Antivirus logs
B. Web filter logs
C. IPS logs
D. Application control logs
Correct Answer: B
Question #36
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another FortiAnalyzer device?
A. Log upload
B. Indicators of Compromise
C. Log forwarding in aggregation mode
D. Log fetching
Correct Answer: D
Question #37
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
A. You can import a playbook even if there is another one with the same name in the destination
B. Playbooks can be exported and imported only within the same FortiAnalyzer device
C. You can export only one playbook at a time
D. A playbook that was disabled when it was exported will be disabled when it is imported
Correct Answer: AD
Question #38
What can the CLI command # diagnose test application oftpd 3 help you to determine?
A. What devices and IP addresses are connecting to FortiAnalyzer
B. What logs, if any, are reaching FortiAnalyzer
C. What ADOMs are enabled and configured
D. What devices are registered and unregistered
Correct Answer: A
Question #39
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
A. To properly correlate logs
B. To use real-time forwarding
C. To resolve host names
D. To improve DNS response times
Correct Answer: A
Question #40
View the exhibit. What does the data point at 14:35 tell you?
A. FortiAnalyzer is dropping logs
B. FortiAnalyzer is indexing logs faster than logs are being received
C. FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed
D. The sqlplugind daemon is ahead in indexing by one log
Correct Answer: B
Question #41
View the exhibit. Why is the total quota less than the total system storage?
A.
B. Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files
C. The oftpd process has not archived the logs yet
D. The logfiled process is just estimating the total quota
Correct Answer: B
Question #42
FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days. What is the most likely problem?
A. Quota enforcement is acting on analytical data before a report is complete
B. Logs are rolling before the report is run
C. CPU resources are too high
D. Disk utilization for archive logs is set for 15 days
Correct Answer: B
Question #43
You need to upgrade your FortiAnalyzer firmware. What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
A. FortiAnalyzer uses log fetching to retrieve the logs when back online
B. FortiGate uses the miglogd process to cache the logs
C. The logfiled process stores logs in offline mode
D. Logs are dropped
Correct Answer: B
Question #44
For which two purposes would you use the command set log checksum? (Choose two.)
A. The received rate is almost at its maximum for this device
B. The sqlplugind daemon is behind in log indexing by two logs
C. Logs are being dropped
D. Raw logs are reaching FortiAnalyzer faster than they can be indexed
Correct Answer: AB
Question #45
A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer. What can you do on FortiAnalyzer to accomplish this?
A. Click Task Monitor and view the tasks performed by that administrator
B. Click Fabric View and view the tasks performed by the rogue administrator
C. Click Log View and generate a report for that administrator
D. Click FortiView and generate a report for that administrator
Correct Answer: C
Question #46
Refer to the exhibits. How many events will be added to the incident created after running this playbook?
A. No events will be added
B. Ten events will be added
C. Five events will be added
D. Thirteen events will be added
Correct Answer: D
Question #47
Which statement describes a dataset in FortiAnalyzer?
A. They determine what data is retrieved from the database
B. They provide the layout used for reports
C. They are used to set the data included in templates
D. They define the chart types to be used in reports
Correct Answer: A
Question #48
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
A. Outbreak alert services
B. FortiView Monitor
C. Threat hunting
D. Incidents dashboard
Correct Answer: C
Question #49
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)
A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer
B. Make sure all endpoints are reachable by FortiAnalyzer
C. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device
D. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date
Correct Answer: AC
Question #50
What is the purpose of a dataset query in FortiAnalyzer?
A. It sorts log data into tables
B. It extracts the database schema
C. It retrieves log data from the database
D. It injects log data into the database
Correct Answer: C
Question #51
Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy. What is the most likely problem?
A. CPU resources are too high
B. Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
C. The total disk space is insufficient and you need to add another disk
D. The ADOM disk quota is set too low, based on log rates
Correct Answer: D
Question #52
Refer to the exhibit. What does the data point at 14:55 tell you?
A. Shut down FortiAnalyzer and then replace the disk
B. Downgrade your RAID level, replace the disk, and then upgrade your RAID level
C. Clear all RAID alarms and replace the disk while FortiAnalyzer is still running
D. Perform a hot swap
Correct Answer: D
Question #53
You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used. What does the disk quota refer to?
A. The maximum disk utilization for each device in the ADOM
B. The maximum disk utilization for the FortiAnalyzer model
C. The maximum disk utilization for the ADOM type
D. The maximum disk utilization for all devices in the ADOM
Correct Answer: D
Question #54
Which log will generate an event with the status Contained?
A. An IPS log with action=pass
B. A WebFilter log with action=dropped
C. An AV log with action=quarantine
D. An AppControl log with action=blocked
Correct Answer: C
Question #55
Which tabs do not appear when FortiAnalyzer is operating in Collector mode?
A. FortiAnalyzer overwrites the log files
B. FortiAnalyzer stops logging
C. FortiAnalyzer rolls the active log by renaming the file
D. FortiAnalyzer forwards logs to syslog
Correct Answer: B
Question #56
You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?
A. FortiAnalyzer Event Handler
B. Incoming webhook
C. FortiOS Event Log
D. Fabric Connector event
Correct Answer: C
Question #57
Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
A. The disk quota for the FortiAnalyzer model
B. The disk quota for all devices in the ADOM
C. The disk quota for each device in the ADOM
D. The disk quota for the ADOM type
Correct Answer: BD
Question #58
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
A. Playbooks can be exported and imported only within the same FortiAnalyzer
B. You can export only one playbook at a time
C. A playbook that was disabled when it was exported will be disabled when it is imported
D. You can import a playbook even if there is another one with the same name in the destination
Correct Answer: AC
Question #59
If you upgrade the FortiAnalyzer firmware, which report element can be affected?
A. Custom datasets
B. Report scheduling
C. Report settings
D. Output profiles
Correct Answer: A
Question #60
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?
A. SQL FROM statement
B. SQL GET statement
C. SQL SELECT statement
D. SQL EXTRACT statement
Correct Answer: D
