NSE5_FAZ-7.2 Fortinet NSE 5 - FortiAnalyzer 7.2 Analyst Questions and Answers

The received rate is almost at its maximum for this device

The sqlplugind daemon is behind in log indexing by two logs

Logs are being dropped

Raw logs are reaching FortiAnalyzer faster than they can be indexed

Ten events will be added.

No events will be added.

Five events will be added.

Thirteen events will be added.

License type

Disk size

Total quota

RAID level

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

You do not need an additional license to send logs to the cloud platform.

Fabric connectors allow you to improve redundancy.

Using fabric connectors is more efficient than using third-party polling with API.

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

To provide the layout used for reports

To define the chart type to be used

To retrieve data from the database

To set the data included in templates

Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.

Make sure all endpoints are reachable by FortiAnalyzer.

Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.

Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

The security risk was blocked or dropped.

The security event risk is considered open.

An incident was created from this event.

The risk source is isolated.

To add a new chart under FortiView to be used in new reports

To build a dataset and chart automatically, based on the filtered search results

To add charts directly to generate reports in the current ADOM

To build a chart automatically based on the top 100 log entries

FortiAnalyzer distinguishes different devices by their serial number.

FortiAnalyzer receives logs from d devices in a duster.

FortiAnalyzer receives bgs only from the primary device in the cluster.

FortiAnalyzer only needs to know (he serial number of the primary device in the cluster-it automaticaly discovers the other devices.

Log type Traffic logs.

Logs that roll over when the log file reaches a specific size.

Logs that are indexed and stored in the SQL.

Raw logs that are compressed and saved to a log file.

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Configure# set resolve-ip enablein the system FortiView settings

Configure local DNS servers on FortiAnalyzer

Resolve IP addresses on FortiGate

From the VM host manager, add an additional virtual disk and use the #execute lvm extend command to expand the storage

From the VM host manager, expand the size of the existing virtual disk

From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk

From the VM host manager, add an additional virtual disk and rebuild your RAID array

Compressed logs, which are also known as archive logs, are considered to be offline logs.

When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

Logs that are indexed and stored in the SQL database.

Logs that are collected from offline devices after they boot up.

Output profiles

Report settings

Report scheduling

Custom datasets

To list the current SQL processes running

To check what is the database log insertion status

To display the SOL query connections and hcache status

To view the current hcache size

You can export only one playbook at a time.

You can import a playbook even if there is another one with the same name in the destination.

Playbooks can be exported and imported only within the same FortiAnaryzer.

A playbook that was disabled when it was exported, will be disabled when it is imported.

Fortinet is assigned the Standard_ User administrator profile.

A trusted host is configured.

ADOM mode is configured with Advanced mode.

Fortinet is assigned the Restricted_ User administrator profile.

To introduce redundancy to your log data

To provide data separation between ADOMs

To separate analytical and archive data

To back up your logs

Network analysis

Graphical reporting

Content archiving / data mining

Vulnerability assessment

Security log analysis / forensics

CPU resources are too high

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

The total disk space is insufficient and you need to add other disk

The ADOM disk quota is set too low, based on log rates

The number of times in the logs where end users experienced slowness while accessing resources.

The amount of lag time that occurs when the administrator is rebuilding the ADOM database.

The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.

The amount of time FortiAnalyzer takes to receive logs from a registered device

logfiled

oftpd

sqlplugind

miglogd

Hot swap the disk.

There is no need to do anything because the disk will self-recover.

Run execute format disk to format and restart the FortiAnalyzer device.

Shut down FortiAnalyzer and replace the disk

Standalone

Manager

Analyzer

Collector

SFTP, FTP, or SCP server

Mail server

Output profile

Report scheduling

FROM

LIMIT

WHERE

ORDER BY

FortiAnalyzer needs that time to parse the new playbook.

FortiAnalyzer needs that time to back up the current playbooks.

FortiAnalyzer needs that time to ensure there are no other playbooks running.

FortiAnalyzer needs that time to debug the new playbook.

It requires a FortiManager configured to manage FortiGate

It requires a dedicated FortiSOAR device or VM.

It does not include a limited trial by default.

It runs as a docker container on FortiAnalyzer

FortiAnalyzer is dropping logs.

FortiAnalyzer is indexing logs faster than logs are being received.

FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.

The sqlplugind daemon is ahead in indexing by one log.

They determine what data is retrieved from the database.

They provide the layout used for reports.

They are used to set the data included in templates.

They define the chart types to be used in reports.

It can be used for fast data processing and log correlation

It can be used to facilitate communication between devices in same Security Fabric

It can include all Fortinet devices that are part of the same Security Fabric

It can include only FortiGate devices that are part of the same Security Fabric

The total disk space is insufficient and you need to add other disk.

CPU resources are too high.

The ADOM disk quota is set too low based on log rates.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.

Macros are supported only on the FortiGate ADOM.

Macros are useful in generating excel log files automatically based on the reports settings.

Macros are predefined templates for reports and cannot be customized.

Use static routes

Use administrative profiles

Use trusted hosts

Use secure protocols

Log upload

Indicators of Compromise

Log forwarding an aggregation mode

Log fetching

The performance of FortiAnalyzer is below the baseline.

FortiAnalyzer is using its cache to avoid dropping logs.

The log insert lag time is increasing.

The sqlplugind service is caught up with new logs.

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.