Fortinet nse5-faz-7-0 practice test
Fortinet NSE 5 - FortiAnalyzer 7.0
Last exam update: Apr 18 ,2025
Question 1
What is the purpose of output variables?
- A. To display details of the connectors used by a playbook
- B. To store playbook execution statistics
- C. To save all the task settings when a playbook is exported
- D. To use the output of the previous task as the input of the current task
Answer:
d
Question 2
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
- A. Playbooks can be exported and imported only within the same FortiAnalyzer.
- B. You can export only one playbook at a time.
- C. A playbook that was disabled when it was exported, will be disabled when it is imported.
- D. You can import a playbook even if there is another one with the same name in the destination.
Answer:
ac
Question 3
Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)
- A. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
- B. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
- C. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
- D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.
Answer:
bd
Question 4
Refer to the exhibit.
The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.
What can you conclude from the configuration displayed?
- A. This FortiAnalyzer will join to the existing HA cluster as the primary.
- B. This FortiAnalyzer is configured to receive logs in its port1.
- C. This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
- D. After joining to the cluster, this FortiAnalyzer will keep an updated log database.
Answer:
d
Question 5
Which statement is true regarding Macros on FortiAnalyzer?
- A. Macros are predefined templates for reports and cannot be customized.
- B. Macros are useful in generating excel log files automatically based on the report settings.
- C. Macros are supported only on the FortiGate ADOM.
- D. Macros are ADOM specific and each ADOM has unique macros relevant to that ADOM.
Answer:
d
Question 6
Refer to the exhibits.
How many events will be added to the incident created after running this playbook?
- A. No events will be added.
- B. Ten events will be added.
- C. Five events will be added.
- D. Thirteen events will be added.
Answer:
d
Question 7
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
- A. FortiView Monitor
- B. Threat hunting
- C. Incidents dashboards
- D. Outbreak alert services
Answer:
b
Question 8
Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)
- A. By deploying different FortiAnalyzer devices in both modes, you can improve their overall performance.
- B. When in collector mode. FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
- C. When in collector mode. FortiAnalyzer supports event management and reporting features.
- D. Collector mode is the default operating mode.
Answer:
bd
Question 9
Which statement correctly describes the management extensions available on FortiAnalyzer?
- A. Management extensions do not require additional licenses.
- B. Management extensions may require a minimum number of CPU cores to run.
- C. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
- D. Management extensions require a dedicated VM for best performance.
Answer:
c
Question 10
Which statement is true about sending notifications with incident updates?
- A. You can send notifications to multiple external platforms.
- B. If you use multiple fabric connectors, all connectors must have the same notification settings.
- C. Notifications can be sent only by email.
- D. Notifications can be sent only when an incident is updated or deleted.
Answer:
a