Fortinet NSE5-FAZ-7-2 practice test

Exam Title: FortiAnalyzer 7.2 Analyst

Last update: Dec 25, 2025

Question 1

How can you attach a report to an incident?

  • A. By attaching it to an event handler alert
  • B. By editing the settings of the desired report
  • C. From the properties of an existing incident
  • D. Saving it in JSON format, and then importing it
Answer:

c

Question 2

A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails.
What will be the status of the playbook after it is run?

  • A. Running
  • B. Failed
  • C. Upstream_failed
  • D. Success
Answer:

b

Question 3

Which statement describes online logs on FortiAnalyzer?

  • A. Logs that reached a specific size and were rolled over
  • B. Logs that can be used to create reports
  • C. Logs that can be viewed using Log Browse
  • D. Logs that are saved to disk, compressed, and available in FortiView
Answer:

b

Question 4

Which log will generate an event with the status Contained?

  • A. An IPS log with action=pass.
  • B. A WebFilter log with action=dropped.
  • C. An AV log with action=quarantine.
  • D. An AppControl log with action=blocked.
Answer:

c

Question 5

What must you consider when using log fetching? (Choose two.)

  • A. The fetch client can retrieve logs from devices that are not added to its local Device Manager.
  • B. You can use filters to include only logs from a single device.
  • C. The fetching profile must include a user with the Super_User profile.
  • D. The archive logs retrieved from the server become archive logs in the client.
Answer:

ab

Question 6

Refer to the exhibit.



The image shows the details of a playbook after it finished running.

What is the status of the playbook?

  • A. Running
  • B. Success
  • C. Upstream_failed
  • D. Failed
Answer:

d

Question 7

Which statement about sending notifications with incident updates is true?

  • A. Notifications can be sent only when an incident is created or deleted.
  • B. You must configure an output profile to send notifications by email.
  • C. Each incident can send notifications to a single external platform.
  • D. Each connector used can have different notification settings.
Answer:

d

Question 8

Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

  • A. To add a new chart under FortiView to be used in new reports
  • B. To build a dataset and chart automatically, based on the filtered search results
  • C. To add charts directly to generate reports in the current ADOM
  • D. To build a chart automatically based on the top 100 log entries
Answer:

b

Question 9

Which two methods can you use to send notifications when an event occurs that matches a configured event handler? (Choose two.)

  • A. Send Alert through Fabric Connectors
  • B. Send Alert through FortiSIEM MEA
  • C. Send SNMP trap
  • D. Send SMS notification
Answer:

ac

Question 10

Which statement correctly describes the management extensions available on FortiAnalyzer?

  • A. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
  • B. Management extensions may require a minimum number of CPU cores to run.
  • C. Management extensions require a dedicated VM for best performance.
  • D. Management extensions do not require additional licenses.
Answer:

b

Page 1 out of 4
Viewing questions 1-10 out of 46