Fortinet NSE5_FAZ-6.2 Exam Questions

Question 6 of 39

On the RAID management page, the disk status is listed as Initializing.
What does the status Initializing indicate about what the FortiAnalyzer is currently doing?

FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

FortiAnalyzer is functioning normally

Correct Answer: C

When a RAID array is initializing, it typically means that data is being written to all the hard drives in the array to ensure that it is fault-tolerant. This process involves making sure that the RAID configuration is correctly set up to provide redundancy and protect against data loss in the case of a drive failure. Therefore, the FortiAnalyzer is making the array fault-tolerant by writing to all of its hard drives.

Question 7 of 39

In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.
How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Configure # set resolve-ip enable in the system FortiView settings

Configure local DNS servers on FortiAnalyzer

Resolve IP addresses on FortiGate

Correct Answer: D

To resolve the source and destination IP addresses without introducing any additional performance impact to FortiAnalyzer, you should configure the resolution on FortiGate devices. FortiAnalyzer is designed more for logging and reporting, while resolving IP addresses can be handled efficiently by the FortiGate device to minimize the load on FortiAnalyzer and ensure timely DNS resolution.

Question 8 of 39

You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used.
What does the disk quota refer to?

The maximum disk utilization for each device in the ADOM

The maximum disk utilization for the FortiAnalyzer model

The maximum disk utilization for the ADOM type

The maximum disk utilization for all devices in the ADOM

Correct Answer: D

The disk quota refers to the maximum disk utilization for all devices in the ADOM. This means that the total amount of disk space allocated to store logs and reports from all devices within that ADOM is limited by this quota.

Question 9 of 39

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?

To properly correlate logs

To use real-time forwarding

To resolve host names

To improve DNS response times

Correct Answer: A

Using an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer ensures that the clocks of all devices are synchronized. This is crucial for properly correlating logs, as log entries from different devices need to be accurately timestamped for effective event analysis, troubleshooting, and reporting.

Question 10 of 39

You need to upgrade your FortiAnalyzer firmware.
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?

FortiAnalyzer uses log fetching to retrieve the logs when back online

FortiGate uses the miglogd process to cache the logs

The logfiled process stores logs in offline mode

Logs are dropped

Correct Answer: B

When FortiAnalyzer is temporarily unavailable during a firmware upgrade, FortiGate uses the miglogd process to cache the logs. The miglogd process ensures the logs are retained until FortiAnalyzer is back online and can receive the cached data.