Fortinet nse5-faz-7-0 practice test

Exam Title: Fortinet NSE 5 - FortiAnalyzer 7.0

Last update: Dec 07, 2025

Question 1

For which two purposes would you use the command set log checksum? (Choose two.)

  • A. To prevent log modification or tampering
  • B. To send an identical set of logs to a second logging server
  • C. To encrypt log communications
  • D. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
Answer:

ad

Question 2

In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered search results.
Similarly, which feature can you use for FortiView?

  • A. Export to Custom Chart
  • B. Export to PDF
  • C. Export to Chart Builder
  • D. Export to Report Chart
Answer:

c

Question 3

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)

  • A. FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.
  • B. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
  • C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.
  • D. FortiAnalyzer HA implementation is supported by all cloud providers.
Answer:

bc

Question 4

What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?

  • A. A pre-shared key
  • B. The FortiGate serial number
  • C. A FortiGate ADOM
  • D. Valid FortiAnalyzer credentials
Answer:

d

Question 5

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)

  • A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
  • B. Make sure all endpoints are reachable by FortiAnalyzer.
  • C. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
  • D. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
Answer:

ac

Question 6

Which statement is true about sending notifications with incident updates?

  • A. You can send notifications to multiple external platforms.
  • B. If you use multiple fabric connectors, all connectors must have the same notification settings.
  • C. Notifications can be sent only by email.
  • D. Notifications can be sent only when an incident is updated or deleted.
Answer:

a

Question 7

Which statement correctly describes the management extensions available on FortiAnalyzer?

  • A. Management extensions do not require additional licenses.
  • B. Management extensions may require a minimum number of CPU cores to run.
  • C. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
  • D. Management extensions require a dedicated VM for best performance.
Answer:

c

Question 8

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)

  • A. By deploying different FortiAnalyzer devices in both modes, you can improve their overall performance.
  • B. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
  • C. When in collector mode, FortiAnalyzer supports event management and reporting features.
  • D. Collector mode is the default operating mode.
Answer:

bd

Question 9

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

  • A. FortiView Monitor
  • B. Threat hunting
  • C. Incidents dashboards
  • D. Outbreak alert services
Answer:

b

Question 10

Refer to the exhibits.


How many events will be added to the incident created after running this playbook?

  • A. No events will be added.
  • B. Ten events will be added.
  • C. Five events will be added.
  • D. Thirteen events will be added.
Answer:

d

Viewing questions 1-10 out of 35