NSE5_FAZ-7.2 Questions and Answers

They determine what data is retrieved from the database.

They provide the layout used for reports.

They are used to set the data included in templates.

They define the chart types to be used in reports.

Output profiles

Report settings

Report scheduling

Custom datasets

Click FortiView and generate a report for that administrator.

Click Task Monitor and view the tasks performed by that administrator.

Click Log View and generate a report for that administrator.

View the tasks performed by the rogue administrator in Fabric View.

FortiAnalyzer provides the ability to create custom reports.

FortiAnalyzer glows you to schedule reports to run.

FortiAnalyzer includes pre-defined reports only.

FortiAnalyzer allows reporting for FortiGate devices only.

RADIUS

Local

LDAP

PKI

TACACS+

The received rate is almost at its maximum for this device

The sqlplugind daemon is behind in log indexing by two logs

Logs are being dropped

Raw logs are reaching FortiAnalyzer faster than they can be indexed

SSL is the default setting.

SSL communications are auto-negotiated between the two devices.

SSL can send logs in real-time only.

SSL encryption levels are globally set on FortiAnalyzer.

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Configure trusted hosts for that administrator.

Enable geo-location services on accessible interface.

Configure two-factor authentication with a remote RADIUS server.

Configure an ADOM for respective location.

License type

Disk size

Total quota

RAID level

Logs that reached a specific size and were rolled over

Logs that can be used to create reports

Logs that can be viewed using Log Browse

Logs that are saved to disk, compressed, and available in FortiView

You enabled auto-cache with extended log filtering.

The logfiled service has not indexed all the expected logs.

The logs were overwritten by the data retention policy.

The time frame selected in the report is wrong.

Both modes, forwarding and aggregation, support encryption of logs between devices.

In aggregation mode, you can forward logs to syslog and CEF servers as well.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

A FortiGate ADOM

The FortiGate serial number

A pre-shared key

Valid FortiAnalyzer credentials

To list the current SQL processes running

To check what is the database log insertion status

To display the SOL query connections and hcache status

To view the current hcache size

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

Logs will be presented in both ADOMs immediately after the move.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Success

Failed

Running

Upstream_failed

Logs are forwarded as they are received and content files are uploaded at a scheduled time.

Logs and content files are stored and uploaded at a scheduled time.

Logs are forwarded as they are received.

Logs and content files are forwarded as they are received.

Allows you to manage the entire life cycle of a threat or breach.

Its use of the available disk space is capped at 50%.

It requires a licensed FortiSIEM supervisor.

It can be installed as a dedicated VM.

Ten events will be added.

No events will be added.

Five events will be added.

Thirteen events will be added.

CPU resources are too high

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

The total disk space is insufficient and you need to add other disk

The ADOM disk quota is set too low, based on log rates

Log upload

Indicators of Compromise

Log forwarding an aggregation mode

Log fetching

Log type Traffic logs.

Logs that roll over when the log file reaches a specific size.

Logs that are indexed and stored in the SQL.

Raw logs that are compressed and saved to a log file.

A local wildcard administrator account

A remote LDAP server

A trusted host profile that restricts access to the LDAP group

An administrator group

By attaching it to an event handler alert

By editing the settings of the desired report

From the properties of an existing incident

Saving it in JSON format, and then importing it

Configure local DNS servers on FortiAnalyzer

Resolve IPs on FortiGate

Configure # set resolve-ip enable in the system FortiView settings

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

operation-login & dstip==10.1.1.210 & user!-admin

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

FortiAnalyzer uses log fetching to retrieve the logs when back online

FortiGate uses themiglogdprocess to cache the logs

Thelogfiledprocess stores logs in offline mode

Logs are dropped

Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more efficient than third-party information from the FortiAnalyzer API.

Fabric connectors allow to save storage costs and improve redundancy.

Storage connector service does not require a separate license to send logs to cloud platform.

Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3, Azure Blob , and Google Cloud.

FortiAnalyzerl and FortiAnalyzer3

FortiAnalyzer1 and FortiAnalyzer2

All devices listed can be members

FortiAnalyzer2 and FortiAnalyzer3

SMS

Email

SNMP

IM

The size of newly generated reports is optimized to conserve disk space.

FortiAnalyzer local cache is used to store generated reports.

When new logs are received, the hard-cache data is updated automatically.

The generation time for reports is decreased.

The performance of FortiAnalyzer is below the baseline.

FortiAnalyzer is using its cache to avoid dropping logs.

The log insert lag time is increasing.

The sqlplugind service is caught up with new logs.

Network analysis

Graphical reporting

Content archiving / data mining

Vulnerability assessment

Security log analysis / forensics

Improve report completion time.

Conserve disk space on FortiAnalyzer by grouping multiple similar reports.

Reduce the number of hcache tables and improve auto-hcache completion time.

Provides a better summary of reports.

3.6% of the system storage is already being used.

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

The oftpd process has not archived the logs yet

The logfiled process is just estimating the total quota

Use this command only if the source IP addresses are not resolved on FortiGate.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.