Fortinet nse5-faz-7-2 practice test

Which two methods can you use to send notifications when an event occurs that matches a configured event handier? (Choose two.)

• A. Send Alert through Fabric Connectors
• B. Send Alert through FortiSIEM MEA
• C. Send SNMP trap
• D. Send SMS notification

What must you consider when using log fetching? (Choose two.)

• A. The fetch client can retrieve logs from devices that are not added to its local Device Manager.
• B. You can use filters to include only logs from a single device.
• C. The fetching profile must include a user with the Super_User profile.
• D. The archive logs retrieved from the server become archive logs in the client.

Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

• A. To add a new chart under FortiView to be used in new reports
• B. To build a dataset and chart automatically, based on the filtered search results
• C. To add charts directly to generate reports in the current ADOM
• D. To build a chart automatically based on the top 100 log entries

Which two statements are true regarding the outbreak detection service? (Choose two.)

• A. New alerts are received by email.
• B. Outbreak alerts are available on the root ADOM only.
• C. An additional license is required.
• D. It automatically downloads new event handlers and reports.

Why must you wait for several minutes before you run a playbook that you just created?

• A. FortiAnalyzer needs that time to parse the new playbook.
• B. FortiAnalyzer needs that time to back up the current playbooks.
• C. FortiAnalyzer needs that time to ensure there are no other playbooks running.
• D. FortiAnalyzer needs that time to debug the new playbook.

Which log will generate an event with the status Contained?

• A. An IPS log with action=pass.
• B. AWebFilter log with action=dropped.
• C. An AV log with action=quarantine.
• D. An AppControl log with action=blocked.

Which statement about the FortiSIEM management extension is correct?

• A. Allows you to manage the entire life cycle of a threat or breach.
• B. Its use of the available disk space is capped at 50%.
• C. It requires a licensed FortiSIEM supervisor.
• D. It can be installed as a dedicated VM.

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

• A. Outbreak alert services
• B. FortiView Monitor
• C. Threat hunting
• D. Incidents dashboard

Which statement describes archive logs on FortiAnalyzer?

• A. Logs compressed and saved in files with the .gz extension
• B. Logs a FortiAnalyzer administrator can access in FortiView
• C. Logs that are indexed and stored in the SQL database
• D. Logs previously collected from devices that are offline

Refer to the exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than admin, and coming from Laptop1.
Which filter will achieve the desired result?

• A. operation~login & dstip==10.1.1.210 & user!~admin
• B. operation~login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
• C. operation~login & performed_on=="GUI(10.1.1.210)" & user!=admin
• D. operation~login & performed_on=="GUI(10.1.1.100)" & user!=admin