Fortinet NSE 5 - FortiAnalyzer 6.2 v1.0
Question 1
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
- A. Antivirus logs
- B. Web filter logs
- C. IPS logs
- D. Application control logs
Answer : B
Reference:
https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/
FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm?TocPath=FortiView%7CUsing%20FortiView%
7C_____6
Question 2
Which two purposes does the auto-cache setting on reports serve? (Choose two.)
- A. It automatically updates the hcache when new logs arrive
- B. It reduces report generation time
- C. It provides diagnostics on report generation time
- D. It reduces the log insert lag rate
Answer : AB
Reference:
https://docs.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/282280/enabling-auto-cache
Question 3
In order for FortiAnalyzer to collect logs from a FortiGate device, which two configurations are required? (Choose two.)
- A. FortiGate must be registered with FortiAnalyzer
- B. Remote logging must be enabled on FortiGate
- C. ADOMs must be enabled
- D. Log encryption must be enabled
Answer : AC
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD41272
Question 4
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
- A. A local wildcard administrator account
- B. A remote LDAP server
- C. A trusted host profile that restricts access to the LDAP group
- D. An administrator group
Answer : AB
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38567
Question 5
When you perform a system backup, what does the backup configuration contain? (Choose two.)
- A. Generated reports
- B. Device list
- C. Authorized devices logs
- D. System information
Answer : BD
Question 6
Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?
- A. FROM
- B. LIMIT
- C. WHERE
- D. ORDER BY
Answer : C
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD48500
Question 7
What is the purpose of a dataset query in FortiAnalyzer?
- A. It sorts log data into tables
- B. It extracts the database schema
- C. It retrieves log data from the database
- D. It injects log data into the database
Answer : C
Question 8
Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy.
What is the most likely problem?
- A. CPU resources are too high
- B. Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
- C. The total disk space is insufficient and you need to add other disk
- D. The ADOM disk quota is set too low, based on log rates
Answer : D
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-FAZ/1100_Storage/0017_Deleted%20device%20logs.htm
Question 9
Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
- A. License type
- B. Disk size
- C. Total quota
- D. RAID level
Answer : BD
Reference:
https://docs.fortinet.com/document/fortianalyzer/6.0.5/administration-guide/929977/disk-space-allocation
Question 10
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?
- A. The log file is overwritten
- B. The log file is stored as a raw log and is available for analytic support
- C. The log file rolls over is archived
- D. The log file is purged from the database
Answer : C
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/6d9f8fb5-6cf4-11e9-81a4-00505692583a/FortiAnalyzer-6.0.5-Administration-
Guide.pdf -
Question 11
Which two statements about log forwarding are true? (Choose two.)
- A. Forwarded logs cannot be filtered to match specific criteria.
- B. Logs are forwarded in real-time only.
- C. The client retains a local copy of the logs after forwarding.
- D. You can use aggregation mode only with another FortiAnalyzer.
Answer : BC
Reference:
www.fortinetguru.com/2020/07/log-forwarding-fortianalyzer-fortios-6-2-3/
Question 12
Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)
- A. SMS
- B. Email
- C. SNMP
- D. IM
Answer : BC
Reference:
https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/
FortiAnalyzer_Admin_Guide/1800_Events/0200_Event_handlers/0600_Create_event_handlers.htm
Question 13
You have moved a registered logging device out of one ADOM and into a new ADOM.
What happens when you rebuild the new ADOM database?
- A. FortiAnalyzer migrates analytics logs to the new ADOM.
- B. FortiAnalyzer removes analytics logs from the old ADOM.
- C. FortiAnalyzer resets the disk quota of the new ADOM to default.
- D. FortiAnalyzer migrates archive logs to the new ADOM.
Answer : A
Question 14
Consider the CLI command:
What is the purpose of the command?
- A. To add a unique tag to each log to prove that it came from this FortiAnalyzer
- B. To add the MD5 hash value and authentication code
- C. To add a log file checksum
- D. To encrypt log communications
Answer : B
Reference:
https://docs2.fortinet.com/document/fortianalyzer/6.0.3/cli-reference/849211/global
Question 15
How are logs forwarded when FortiAnalyzer is configured to use aggregation mode?
- A. Logs are forwarded as they are received.
- B. Logs are forwarded as they are received and content files are uploaded at a scheduled time.
- C. Logs and content files are stored and uploaded at a scheduled time.
- D. Logs and content files are forwarded as they are received.
Answer : D