Most Up-to-date Fortinet NSE 5 - FortiAnalyzer 6.4 NSE5_FAZ-6.4 Test Question

NEW QUESTION 1
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)

• A. SSL is the default setting.
• B. SSL communications are auto-negotiated between the two devices.
• C. SSL can send logs in real-time only.
• D. SSL encryption levels are globally set on FortiAnalyzer.
• E. FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Answer: AD

NEW QUESTION 2
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another FortiAnalyzer device?

• A. Log upload
• B. Indicators of Compromise
• C. Log forwarding an aggregation mode
• D. Log fetching

Answer: D

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/651442/fetcher-management

NEW QUESTION 3
What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server? (Choose two.)

• A. SFTP, FTP, or SCP server
• B. Mail server
• C. Output profile
• D. Report scheduling

Answer: AC

Explanation:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/6d9f8fb5-6cf4-11e9-81a4-0050569258 page 119
There is an option for "uploading reports to server" under configuring the output profile. The available options are: SFTP, FTP and SCP. You have to be careful on the question itself. The question tells you to "upload reports to a server (external server). Which means, a server has been configured already in this case prior to enabling the "upload reports to server".

NEW QUESTION 4
What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

• A. All FortiGates can send logs to FortiAnalyzer using the store and upload option.
• B. Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.
• C. Both secure communications methods (SSL and IPsec) allow the store and upload option.
• D. Disk logging is enabled on the FortiGate through the CLI only.
• E. Disk logging is enabled by default on the FortiGate.

Answer: BCD

NEW QUESTION 5
In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.
How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?

• A. Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
• B. Configure # set resolve-ip enable in the system FortiView settings
• C. Configure local DNS servers on FortiAnalyzer
• D. Resolve IP addresses on FortiGate

Answer: D

Explanation:
https://packetplant.com/fortigate-and-fortianalyzer-resolve-source-and-destination-ip/
“As a best practice, it is recommended to resolve IPs on the FortiGate end. This is because you get both
source and destination, and it offloads the work from FortiAnalyzer. On FortiAnalyzer, this IP resolution does destination IPs only”

NEW QUESTION 6
What are offline logs on FortiAnalyzer?

• A. Compressed logs, which are also known as archive logs, are considered to be offline logs.
• B. When you restart FortiAnalyze
• C. all stored logs are considered to be offline logs.
• D. Logs that are indexed and stored in the SQL database.
• E. Logs that are collected from offline devices after they boot up.

Answer: A

NEW QUESTION 7
Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)

• A. License type
• B. Disk size
• C. Total quota
• D. RAID level

Answer: CD

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/368682/disk-space-allocation

NEW QUESTION 8
On FortiAnalyzer, what is a wildcard administrator account?

• A. An account that permits access to members of an LDAP group
• B. An account that allows guest access with read-only privileges
• C. An account that requires two-factor authentication
• D. An account that validates against any user account on a FortiAuthenticator

Answer: A

Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/747268/configuring-wildcard-admin-accounts

NEW QUESTION 9
If you upgrade the FortiAnalyzer firmware, which report element can be affected?

• A. Custom datasets
• B. Report scheduling
• C. Report settings
• D. Output profiles

Answer: B

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/upgrade-guide/669300/checking-reports

NEW QUESTION 10
Which statement is true regarding Macros on FortiAnalyzer?

• A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
• B. Macros are supported only on the FortiGate ADOM.
• C. Macros are useful in generating excel log files automatically based on the reports settings.
• D. Macros are predefined templates for reports and cannot be customized.

Answer: D

NEW QUESTION 11
What are two advantages of setting up fabric ADOM? (Choose two.)

• A. It can be used for fast data processing and log correlation
• B. It can be used to facilitate communication between devices in same Security Fabric
• C. It can include all Fortinet devices that are part of the same Security Fabric
• D. It can include only FortiGate devices that are part of the same Security Fabric

Answer: AC

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/448471/creating-a-security-fabric-a

NEW QUESTION 12
Refer to the exhibit.

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

• A. Report size will be optimized to conserve disk space on FortiAnalyzer.
• B. Reports will be cached in the memory.
• C. This feature is automatically enabled for scheduled reports.
• D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Answer: AD

NEW QUESTION 13
What purposes does the auto-cache setting on reports serve? (Choose two.)

• A. To reduce report generation time
• B. To automatically update the hcache when new logs arrive
• C. To reduce the log insert lag rate
• D. To provide diagnostics on report generation time

Answer: AB

NEW QUESTION 14
An administrator has configured the following settings: config system fortiview settings set resolve-ip enable end
What is the significance of executing this command?

• A. Use this command only if the source IP addresses are not resolved on FortiGate.
• B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
• C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.
• D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Answer: D

NEW QUESTION 15
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

• A. Antivirus logs
• B. Web filter logs
• C. IPS logs
• D. Application control logs

Answer: B

NEW QUESTION 16
View the exhibit.

What does the data point at 14:35 tell you?

• A. FortiAnalyzer is dropping logs.
• B. FortiAnalyzer is indexing logs faster than logs are being received.
• C. FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.
• D. The sqlplugind daemon is ahead in indexing by one log.

Answer: B

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/47690/insert-rate-vs-receive-rate-wi

NEW QUESTION 17
Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)

• A. Mail server
• B. Output profile
• C. SFTP server
• D. Report scheduling

Answer: AB

NEW QUESTION 18
Which two statements about log forwarding are true? (Choose two.)

• A. Forwarded logs cannot be filtered to match specific criteria.
• B. Logs are forwarded in real-time only.
• C. The client retains a local copy of the logs after forwarding.
• D. You can use aggregation mode only with another FortiAnalyzer.

Answer: CD

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/420493/modes https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/621804/log-forwarding

NEW QUESTION 19
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?

• A. Output profiles
• B. Report settings
• C. Report scheduling
• D. Custom datasets

Answer: D

NEW QUESTION 20
......