
NSE5_FAZ-6.4 Online Practice Questions and Answers

Questions 4

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy.

What is the most likely problem?

A. CPU resources are too high

B. Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

C. The total disk space is insufficient and you need to add another disk

D. The ADOM disk quota is set too low, based on log rates

Questions 5

An administrator has moved FortiGate A from the root ADOM to ADOM1. Which two statements are true regarding logs? (Choose two.)

A. Analytics logs will be moved to ADOM1 from the root ADOM automatically.

B. Archived logs will be moved to ADOM1 from the root ADOM automatically.

C. Logs will be presented in both ADOMs immediately after the move.

D. Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Questions 6

What are two advantages of setting up fabric ADOM? (Choose two.)

A. It can be used for fast data processing and log correlation

B. It can be used to facilitate communication between devices in the same Security Fabric

C. It can include all Fortinet devices that are part of the same Security Fabric

D. It can include only FortiGate devices that are part of the same Security Fabric

Questions 7

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

A. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

B. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

C. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

Questions 8

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

A. Antivirus logs

B. Web filter logs

C. IPS logs

D. Application control logs

Questions 9

What are two of the key features of FortiAnalyzer? (Choose two.)

A. Centralized log repository

B. Cloud-based management

C. Reports

D. Virtual domains (VDOMs)

Questions 10

An administrator has configured the following settings:

    config system fortiview settings
        set resolve-ip enable
    end

What is the significance of executing this command?

A. Use this command only if the source IP addresses are not resolved on FortiGate.

B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.

D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Questions 11

View the exhibit.

What does the data point at 14:35 tell you?

A. FortiAnalyzer is dropping logs.

B. FortiAnalyzer is indexing logs faster than logs are being received.

C. FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.

D. The sqlplugind daemon is ahead in indexing by one log.

Questions 12

What statements are true regarding FortiAnalyzer's treatment of high availability (HA) clusters? (Choose two.)

A. FortiAnalyzer distinguishes different devices by their serial number.

B. FortiAnalyzer receives logs from all devices in a cluster.

C. FortiAnalyzer receives logs only from the primary device in the cluster.

D. FortiAnalyzer only needs to know the serial number of the primary device in the cluster; it automatically discovers the other devices.

Questions 13

FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?

A. To upload logs to an SFTP server

B. To prevent log modification during backup

C. To send an identical set of logs to a second logging server

D. To encrypt log communication between devices

Exam Code: NSE5_FAZ-6.4
Exam Name: Fortinet NSE 5 - FortiAnalyzer 6.4
Last Update: Oct 19, 2024
Questions: 94