View all questions & answers for the NSE 5 - FortiAnalyzer 7.6 Analyst Exam Materials exam


Question 9 Discussion

Refer to the exhibit. Which two observations can you make after reviewing this log entry? (Choose two answers)

  • A. This is a normalized log.
  • B. This is a formatted view of the log.
  • C. This is the original log that FortiAnalyzer received from FortiGate.
  • D. This log is in a raw log format.
Correct Answer: A,C

Brave-Dump Clients Votes

AC 50%
AB 50%

Comments



Brave-Dumps Admin 2025-11-01 01:19:40

Selected Answers: A, C


FortiAnalyzer 7.6 Analyst Study Guide page 43:

“This slide shows a FortiGate event log that has been normalized by FortiAnalyzer using the FortiGate log parser.”
“When you change the view to raw log format, you can see that common FortiGate log fields such as data_sourceid, dst_ip, event_subtype, and event_policyid have been converted to normalized log fields.”

Anonymous User 2026-03-04 17:53:57

Selected Answers: A, B


A) We see normalized fields produced by the parser like data_parsername so this is a normalized log.
B) The exhibit shows the formatted key-value representation, not the raw device log string.
C) Incorrect because an original log would not contain FAZ normalization fields like adom_oid or data_parsername.
D) Wrong since a raw log is not already parsed like this one