Fortinet nse5-faz-7-2 practice test
fortianalyzer 7.2 analyst
Question 1
Which statement is true about sending notifications with incident updates?
- A. If you use multiple fabric connectors, all connectors must have the same notification settings.
- B. Notifications can be sent only by email.
- C. Notifications can be sent only when an incident is updated or deleted.
- D. You can send notifications to multiple external platforms.
Answer:
d
Question 2
After generating a report, you notice the information you were expecting to see is not included in it.
What are two possible reasons for this scenario? (Choose two.)
- A. You enabled auto-cache with extended log filtering.
- B. The logfiled service has not indexed all the expected logs.
- C. The logs were overwritten by the data retention policy.
- D. The time frame selected in the report is wrong.
Answer:
bd
Question 3
Refer to the exhibit.
Which FortiAnalyzer tool can refer to the Cyber Kill Chain stages and allows you to identify which Fortinet products can protect you against new vulnerabilities?
- A. Threat hunting SIEM table
- B. Outbreak detection services
- C. FortiSOC dashboards
- D. FortiView Monitor top threats
Answer:
a
Question 4
Which statement about the FortiSIEM management extension is correct?
- A. Allows you to manage the entire life cycle of a threat or breach.
- B. Its use of the available disk space is capped at 50%.
- C. It requires a licensed FortiSIEM supervisor.
- D. It can be installed as a dedicated VM.
Answer:
c
Question 5
Why run the command diagnose sql status sqlplugind?
- A. To list the current SQL processes running
- B. To check what is the database log insertion status
- C. To display the SQL query connections and hcache status
- D. To view the current hcache size
Answer:
b
Question 6
What is the purpose of predefined report templates on FortiAnalyzer?
- A. They can be customized to meet the needs of the intended audience.
- B. They can be created by saving reports as templates.
- C. They specify the layout used in reports.
- D. They include the data used in reports charts.
Answer:
c
Question 7
Why must you wait for several minutes before you run a playbook that you just created?
- A. FortiAnalyzer needs that time to parse the new playbook.
- B. FortiAnalyzer needs that time to back up the current playbooks.
- C. FortiAnalyzer needs that time to ensure there are no other playbooks running.
- D. FortiAnalyzer needs that time to debug the new playbook.
Answer:
a
Question 8
Refer to the exhibit.
Which statement is correct regarding the event displayed?
- A. The security event risk is considered open.
- B. The security risk was blocked or dropped.
- C. The risk source is isolated.
- D. An incident was created from this event.
Answer:
a -
Question 9
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
- A. Outbreak alert services
- B. FortiView Monitor
- C. Threat hunting
- D. Incidents dashboard
Answer:
c
Question 10
In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered search results.
Similarly, which feature can you use for FortiView?
- A. Export to Chart Library
- B. Export to Custom Chart
- C. Export to Chart Builder
- D. Export to Report Chart
Answer:
d