Fortinet nse5-faz-6-4 practice test

Fortinet NSE 5 - FortiAnalyzer 6.4 Exam

Last exam update: Jun 14 ,2024
Page 1 out of 6. Viewing questions 1-15 out of 94

Question 1

What two things should an administrator do to view Compromised Hosts on FortiAnalyzer? (Choose
two.)

  • A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
  • B. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer.
  • C. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up-to-date.
  • D. Make sure all endpoints are reachable by FortiAnalyzer.
Answer:

BC

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://docs.fortinet.com/document/fortianalyzer/6.4.0/administration-
guide/137635/viewing-compromised-hosts

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

An administrator has moved FortiGate A from the root ADOM to ADOM1.
Which two statements are true regarding logs? (Choose two.)

  • A. Analytics logs will be moved to ADOM1 from the root ADOM automatically.
  • B. Archived logs will be moved to ADOM1 from the root ADOM automatically.
  • C. Logs will be presented in both ADOMs immediately after the move.
  • D. Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.
Answer:

B, D

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://community.fortinet.com/t5/Fortinet-Forum/FW-Migration-between-ADOMs/m-
p/32683?m=158008

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

  • A. FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.
  • B. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
  • C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.
  • D. FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.
Answer:

BC

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FMG-
FAZ/4600_HA/0000_HA.htm?TocPath=High%20Availability%7C_____0

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Refer to the exhibit.

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

  • A. Report size will be optimized to conserve disk space on FortiAnalyzer.
  • B. Reports will be cached in the memory.
  • C. This feature is automatically enabled for scheduled reports.
  • D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.
Answer:

C, D

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-FAZ/2300_Reports/0025_Auto-
cache.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device.
What can be the reason for this failure?

  • A. FortiAnalyzer is in an HA cluster.
  • B. ADOM mode should be set to advanced, in order to register the FortiClient EMS device.
  • C. ADOMs are not enabled on FortiAnalyzer.
  • D. A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-
FAZ/0800_ADOMs/0015_FortiClient%20and%20ADOMs.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see
what activity was performed by that rogue administrator on FortiAnalyzer.
What can you do on FortiAnalyzer to accomplish this?

  • A. Click FortiView and generate a report for that administrator.
  • B. Click Task Monitor and view the tasks performed by that administrator.
  • C. Click Log View and generate a report for that administrator.
  • D. View the tasks performed by the rogue administrator in Fabric View.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://docs.fortinet.com/document/fortimanager/6.4.1/administration-
guide/792943/task-monitor

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Refer to the exhibit.

The exhibit shows remoteservergroup is an authentication server group with LDAP and RADIUS
servers.
Which two statements express the significance of enabling Match all users on remote server when
configuring a new administrator? (Choose two.)

  • A. It creates a wildcard administrator using LDAP and RADIUS servers.
  • B. Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.
  • C. Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.
  • D. It allows administrators to use two-factor authentication.
Answer:

A, B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://docs.fortinet.com/document/fortimanager/7.0.1/administration-
guide/858351/creating-administrators

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)

  • A. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
  • B. Collector mode is the default operating mode.
  • C. When in collector mode. FortiAnalyzer supports event management and reporting features.
  • D. By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting
Answer:

AD

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-
guide/227478/collector-mode
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/312644/analyzer-
collector-collaboration

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which statement is true regarding Macros on FortiAnalyzer?

  • A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
  • B. Macros are supported only on the FortiGate ADOM.
  • C. Macros are useful in generating excel log files automatically based on the reports settings.
  • D. Macros are predefined templates for reports and cannot be customized.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://docs2.fortinet.com/document/fortianalyzer/6.2.3/administration-
guide/617380/creating-macros

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the
administrator is not able to generate reports for FortiGate A in ADOM1.
What should the administrator do to solve this issue?

  • A. Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
  • B. Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
  • C. Use the execute sql-report run ADOM1 command to run a report.
  • D. Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://help.fortinet.com/fmgr/cli/5-6-1/FortiManager_CLI_Reference/700_execute/sql-
local+.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

  • A. In aggregation mode, you can forward logs to syslog and CEF servers as well.
  • B. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
  • C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
  • D. Both modes, forwarding and aggregation, support encryption of logs between devices.
Answer:

B, C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/cookbook/63238/what-is-the-
difference-between-log-forward-and-log-aggregation-modes

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which two statements are true regarding ADOM modes? (Choose two.)

  • A. You can only change ADOM modes through CLI.
  • B. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advance mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.
  • C. In an advanced mode ADOM. you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
  • D. Normal mode is the default ADOM mode.
Answer:

CD

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMG-
FAZ/0800_ADOMs/0400_ADOM%20Device%20Modes.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

An administrator has configured the following settings:
config system fortiview settings
set resolve-ip enable
end
What is the significance of executing this command?

  • A. Use this command only if the source IP addresses are not resolved on FortiGate.
  • B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
  • C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.
  • D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://community.fortinet.com/t5/Fortinet-Forum/Hostnames-in-FortiAnalyzer/m-
p/95351?m=156950

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

  • A. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
  • B. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
  • C. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
  • D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.
Answer:

B, D

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://docs.fortinet.com/document/fortianalyzer/7.0.1/administration-
guide/651442/fetcher-management

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

What are offline logs on FortiAnalyzer?

  • A. Compressed logs, which are also known as archive logs, are considered to be offline logs.
  • B. When you restart FortiAnalyzer. all stored logs are considered to be offline logs.
  • C. Logs that are indexed and stored in the SQL database.
  • D. Logs that are collected from offline devices after they boot up.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference:
https://help.fortinet.com/fa/faz50hlp/56/5-6-
6/Content/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Archive_anal
ytics_logs.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2