All About Free NSE5_FAZ-6.4 Actual Exam

NEW QUESTION 1
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

• A. Use DNS
• B. Use host name resolution
• C. Use real-time forwarding
• D. Use an NTP server

Answer: D

NEW QUESTION 2
You need to upgrade your FortiAnalyzer firmware.
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?

• A. FortiAnalyzer uses log fetching to retrieve the logs when back online
• B. FortiGate uses the miglogd process to cache the logs
• C. The logfiled process stores logs in offline mode
• D. Logs are dropped

Answer: B

Explanation:

NEW QUESTION 3
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?

• A. Output profiles
• B. Report settings
• C. Report scheduling
• D. Custom datasets

Answer: D

NEW QUESTION 4
For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)

• A. Principal
• B. Service provider
• C. Identity collector
• D. Identity provider

Answer: BD

NEW QUESTION 5
An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.
What should the administrator do to solve this issue?

• A. Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
• B. Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
• C. Use the execute sql-report run ADOM1 command to run a report.
• D. Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

Answer: B

NEW QUESTION 6
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

• A. Antivirus logs
• B. Web filter logs
• C. IPS logs
• D. Application control logs

Answer: B

NEW QUESTION 7
What are the operating modes of FortiAnalyzer? (Choose two)

• A. Standalone
• B. Manager
• C. Analyzer
• D. Collector

Answer: CD

NEW QUESTION 8
An administrator has configured the following settings:
config system global
set log-checksum md5-auth
end
What is the significance of executing this command?

• A. This command records the log file MD5 hash value.
• B. This command records passwords in log files and encrypts them.
• C. This command encrypts log transfer between FortiAnalyzer and other devices.
• D. This command records the log file MD5 hash value and authentication code.

Answer: D

NEW QUESTION 9
View the exhibit:

What does the 1000MB maximum for disk utilization refer to?

• A. The disk quota for the FortiAnalyzer model
• B. The disk quota for all devices in the ADOM
• C. The disk quota for each device in the ADOM
• D. The disk quota for the ADOM type

Answer: B

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/743670/configuring-log-storage-pol

NEW QUESTION 10
On FortiAnalyzer, what is a wildcard administrator account?

• A. An account that permits access to members of an LDAP group
• B. An account that allows guest access with read-only privileges
• C. An account that requires two-factor authentication
• D. An account that validates against any user account on a FortiAuthenticator

Answer: A

Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/747268/configuring-wildcard-admin-accounts

NEW QUESTION 11
What purposes does the auto-cache setting on reports serve? (Choose two.)

• A. To reduce report generation time
• B. To automatically update the hcache when new logs arrive
• C. To reduce the log insert lag rate
• D. To provide diagnostics on report generation time

Answer: AB

NEW QUESTION 12
FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days.
What is the most likely problem?

• A. Quota enforcement is acting on analytical data before a report is complete
• B. Logs are rolling before the report is run
• C. CPU resources are too high
• D. Disk utilization for archive logs is set for 15 days

Answer: B

NEW QUESTION 13
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another FortiAnalyzer device?

• A. Log upload
• B. Indicators of Compromise
• C. Log forwarding an aggregation mode
• D. Log fetching

Answer: D

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/651442/fetcher-management

NEW QUESTION 14
For which two purposes would you use the command set log checksum? (Choose two.)

• A. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
• B. To prevent log modification or tampering
• C. To encrypt log communications
• D. To send an identical set of logs to a second logging server

Answer: BC

NEW QUESTION 15
What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

• A. All FortiGates can send logs to FortiAnalyzer using the store and upload option.
• B. Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.
• C. Both secure communications methods (SSL and IPsec) allow the store and upload option.
• D. Disk logging is enabled on the FortiGate through the CLI only.
• E. Disk logging is enabled by default on the FortiGate.

Answer: BCD

NEW QUESTION 16
......