View all questions & answers for the NSE 5 - FortiAnalyzer 7.6 Analyst Exam Materials exam


Question 1 Discussion

When there are no matching parsers for a device log, what does FortiAnalyzer do? (Choose one answer)

  • A. Drops the log
  • B. Applies the generic SYSLOG parser
  • C. Stores the log but doesn’t normalize it
  • D. Archives the log for future analysis
Correct Answer: C

Brave-Dump Clients Votes

C 66.67%
B 33.33%

Comments



Brave-Dumps Admin 2025-11-01 00:09:40

Selected Answers: C


FortiAnalyzer 7.6 Analyst Study Guide page 11
“A data lake is a centralized repository where data is stored in structured and unstructured data in its raw format.”
“FortiAnalyzer acts as a data lake for security operations by ingesting and storing data from other Fortinet and third-party devices.”
“Logs from third-party devices can be normalized for analysis and correlation using predefined log parsers...”

Download the official study guide from here to find the answers to these exam questions: https://drive.google.com/file/d/1nB11Nc0mGt34ZWfLESnEPbp0iejOpQAH/view

Anonymous User 2026-02-26 21:50:05

Selected Answers: B


The correct answer is B. Applies the generic SYSLOG parser.
When FortiAnalyzer receives logs from a device and cannot find a predefined or matching parser for that specific format, it defaults to using its generic syslog parser to identify and extract fields.

Explicit text on FortiAnalyzer 7.6 Analyst Study Guide page 41

Anonymous User 2026-03-06 12:08:55

Selected Answers: C


C is correct because on page 40, we can read:
"FortiAnalyzer uses predefined parsers to extract fields and normalize logs"
"Parsers map vendor-specific logs to standardized field names in the SIEM database"
If no parser matches, FortiAnalyzer cannot extract or normalize fields. The log is still stored on disk. It just cannot be normalized or indexed properly.
B is wrong because this only happens if a SYSLOG parser actually matches. Here, the question says "no matching parser". So it does not apply.