Refer to the exhibits.
Page 306 of 7.0 study guide. Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-FAZ/2300_Reports/0025_Auto-cache.htm
How many events will be added to the incident created after running this playbook?
A. Ten events will be added.
B. No events will be added.
C. Five events will be added.
D. Thirteen events will be added.
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command?
execute sql-local rebuild-adom
A. To reset the disk quota enforcement to default
B. To remove the analytics logs of the device from the old database
C. To migrate the archive logs to the new ADOM
D. To populate the new ADOM with analytical logs for the moved device, so you can run reports
What does the disk status Degraded mean for RAID management?
A. One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.
B. The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.
C. The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.
D. The hard drive is no longer being used by the RAID controller.
What is the purpose of a predefined template on the FortiAnalyzer?
A. It can be edited and modified as required
B. It specifies the report layout which contains predefined texts, charts, and macros
C. It specifies report settings which contain time period, device selection, and schedule
D. It contains predefined data to generate mock reports
When working with FortiAnalyzer reports, what is the purpose of a dataset?
A. To provide the layout used for reports
B. To define the chart type to be used
C. To retrieve data from the database
D. To set the data included in templates
Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)
A. Virtual domains
B. Administrative access profiles
C. Trusted hosts
D. Security Fabric
View the exhibit.
What does the data point at 14:35 tell you?
A. FortiAnalyzer is dropping logs.
B. FortiAnalyzer is indexing logs faster than logs are being received.
C. FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.
D. The sqlplugind daemon is ahead in indexing by one log.
Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)
A. SMS
B. Email
C. SNMP
D. IM
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
A. Playbooks can be exported and imported only within the same FortiAnalyzer.
B. You can export only one playbook at a time.
C. A playbook that was disabled when it was exported will be disabled when it is imported.
D. You can import a playbook even if there is another one with the same name in the destination.
Logs are being deleted from one of your ADOMs earlier than the configured setting for archiving in your data policy. What is the most likely problem?
A. The total disk space is insufficient and you need to add another disk.
B. CPU resources are too high.
C. The ADOM disk quota is set too low based on log rates.
D. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.