● NSE 5 - FortiAnalyzer 7.4 Analyst Exam Materials
Please note that the exam "NSE 5 - FortiAnalyzer 7.4 Analyst" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
It has been replaced by the exam "NSE 5 - FortiAnalyzer 7.6 Analyst Exam".
The new exam version is available on Brave-Dumps and can be purchased.
Question #11
Question #12
Which two statements about local logs on FortiAnalyzer are true? (Choose two answers)
- A. Event logs are available only in the root ADOM.
- B. Event logs show system-wide information, whereas application logs are ADOM specific.
- C. You can view playbook logs for all ADOMs in the root ADOM.
- D. They are not supported in FortiView.
Question #13
You find that as part of your role as an analyst, you frequently search Log View using the same parameters.
Instead of defining your search filters repeatedly, what can you do to save time?
(Choose one answer)
- A. Configure a custom view.
- B. Configure a macro and apply it to device groups.
- C. Configure a data selector.
- D. Configure a custom dashboard.
Question #14
Refer to the exhibit.
Which statement about the event displayed is correct?
(Choose one answer)
- A. An incident was created from this event.
- B. The security risk was blocked or dropped.
- C. The risk source is isolated.
- D. The security event risk is considered open.
Question #15
Which statement about SQL SELECT queries is true? (Choose one answer)
- A. They can be used to display the database schema.
- B. They are not used in macros.
- C. They must be followed immediately by a WHERE clause.
- D. They can be used to purge log entries from the database.
Question #16
What does the data point at 21:20 indicate? (Choose one answer)
- A. FortiAnalyzer is temporarily buffering received logs so older logs can be indexed first.
- B. FortiAnalyzer is indexing logs faster than logs are being received.
- C. The SQL database requires a rebuild because of high receive lag.
- D. The fortilogd daemon is ahead in indexing by one log.
Question #17
A playbook contains five tasks in total. An administrator runs the playbook, and four out of five tasks finish successfully, but one task fails.
What will be the status of the playbook after it is run?
(Choose one answer)
- A. Success
- B. Failed
- C. Upstream_failed
- D. Attention_required
Question #18
An administrator on your team has configured multiple reports to run periodically. Management has an additional request that all new generated reports be sent to a company email inbox for accessibility. The mail server has already been configured on FortiAnalyzer.
Which item must you configure on FortiAnalyzer so that emails are sent when the reports are generated?
(Choose one answer)
- A. Enable an output profile on the reports.
- B. Enable the option to email all reports under the mail server.
- C. Add a mailto:<email address> option within the report layouts.
- D. Enable email notifications under the report calendar.
Question #19
After generating a report, you notice the information you were expecting to see is not included in it. However, you confirm that the logs are there.
Which two actions should you perform?
(Choose two answers)
- A. Disable auto-cache.
- B. Increase the report utilization quota.
- C. Check the time frame covered by the report.
- D. Test the dataset.
Question #20
What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two answers)
- A. When new logs are received, the hard-cache data is updated automatically.
- B. The generation time for reports is decreased.
- C. The size of newly generated reports is optimized to conserve disk space.
- D. FortiAnalyzer local cache is used to store generated reports.
Refer to the exhibit.
What is the analyst trying to create? (Choose one answer)