Online Fortinet NSE5_FAZ-6.4 free dumps demo below:

NEW QUESTION 1
Which statement is true regarding Macros on FortiAnalyzer?

  • A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
  • B. Macros are supported only on the FortiGate ADOM.
  • C. Macros are useful in generating Excel log files automatically based on the report settings.
  • D. Macros are predefined templates for reports and cannot be customized.

Answer: D

NEW QUESTION 2
You need to upgrade your FortiAnalyzer firmware.
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?

  • A. FortiAnalyzer uses log fetching to retrieve the logs when back online
  • B. FortiGate uses the miglogd process to cache the logs
  • C. The logfiled process stores logs in offline mode
  • D. Logs are dropped

Answer: B

NEW QUESTION 3
Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

  • A. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
  • B. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
  • C. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
  • D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

Answer: AB

NEW QUESTION 4
Which daemon is responsible for enforcing raw log file size?

  • A. logfiled
  • B. oftpd
  • C. sqlplugind
  • D. miglogd

Answer: A

NEW QUESTION 5
Which statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

  • A. All FortiGates can send logs to FortiAnalyzer using the store and upload option.
  • B. Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.
  • C. Both secure communications methods (SSL and IPsec) allow the store and upload option.
  • D. Disk logging is enabled on the FortiGate through the CLI only.
  • E. Disk logging is enabled by default on the FortiGate.

Answer: BCD

NEW QUESTION 6
An administrator has configured the following settings:

config system fortiview settings
    set resolve-ip enable
end

What is the significance of executing this command?

  • A. Use this command only if the source IP addresses are not resolved on FortiGate.
  • B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
  • C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.
  • D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Answer: D

NEW QUESTION 7
View the exhibit.
What does the data point at 14:35 tell you?

  • A. FortiAnalyzer is dropping logs.
  • B. FortiAnalyzer is indexing logs faster than logs are being received.
  • C. FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.
  • D. The sqlplugind daemon is ahead in indexing by one log.

Answer: B

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/47690/insert-rate-vs-receive-rate-wi

NEW QUESTION 8
The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device. What can be the reason for this failure?

  • A. FortiAnalyzer is in an HA cluster.
  • B. ADOM mode should be set to advanced, in order to register the FortiClient EMS device.
  • C. ADOMs are not enabled on FortiAnalyzer.
  • D. A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.

Answer: C

NEW QUESTION 9
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

  • A. In aggregation mode, you can forward logs to syslog and CEF servers as well.
  • B. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
  • C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
  • D. Both modes, forwarding and aggregation, support encryption of logs between devices.

Answer: CD

NEW QUESTION 10
How can you configure FortiAnalyzer to permit administrator logins from only specific locations?

  • A. Use static routes
  • B. Use administrative profiles
  • C. Use trusted hosts
  • D. Use secure protocols

Answer: C

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/186508/trusted-hosts

NEW QUESTION 11
Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)

  • A. Mail server
  • B. Output profile
  • C. SFTP server
  • D. Report scheduling

Answer: AB

NEW QUESTION 12
View the exhibit:
What does the 1000MB maximum for disk utilization refer to?

  • A. The disk quota for the FortiAnalyzer model
  • B. The disk quota for all devices in the ADOM
  • C. The disk quota for each device in the ADOM
  • D. The disk quota for the ADOM type

Answer: B

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/743670/configuring-log-storage-pol

NEW QUESTION 13
FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days.
What is the most likely problem?

  • A. Quota enforcement is acting on analytical data before a report is complete
  • B. Logs are rolling before the report is run
  • C. CPU resources are too high
  • D. Disk utilization for archive logs is set for 15 days

Answer: B

NEW QUESTION 14
Refer to the exhibit.
The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.
Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)

  • A. It creates a wildcard administrator using LDAP and RADIUS servers.
  • B. Administrators can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.
  • C. User remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at any time.
  • D. It allows administrators to use two-factor authentication.

Answer: BC

NEW QUESTION 15
How are logs forwarded when FortiAnalyzer is using aggregation mode?

  • A. Logs are forwarded as they are received and content files are uploaded at a scheduled time.
  • B. Logs and content files are stored and uploaded at a scheduled time.
  • C. Logs are forwarded as they are received.
  • D. Logs and content files are forwarded as they are received.

Answer: B

Explanation:
https://www.fortinetguru.com/2020/07/log-forwarding-fortianalyzer-fortios-6-2-3/
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/420493/modes

NEW QUESTION 16
A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer.
What can you do on FortiAnalyzer to accomplish this?

  • A. Click FortiView and generate a report for that administrator.
  • B. Click Task Monitor and view the tasks performed by that administrator.
  • C. Click Log View and generate a report for that administrator.
  • D. View the tasks performed by the rogue administrator in Fabric View.

Answer: B

NEW QUESTION 17
FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?

  • A. To upload logs to an SFTP server
  • B. To prevent log modification during backup
  • C. To send an identical set of logs to a second logging server
  • D. To encrypt log communication between devices

Answer: D

NEW QUESTION 18
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

  • A. Use DNS
  • B. Use host name resolution
  • C. Use real-time forwarding
  • D. Use an NTP server

Answer: D

NEW QUESTION 19
What is the purpose of a dataset query in FortiAnalyzer?

  • A. It sorts log data into tables
  • B. It extracts the database schema
  • C. It retrieves log data from the database
  • D. It injects log data into the database

Answer: C

NEW QUESTION 20
What are the operating modes of FortiAnalyzer? (Choose two.)

  • A. Standalone
  • B. Manager
  • C. Analyzer
  • D. Collector

Answer: CD
