● NSE 5 - FortiAnalyzer 7.4 Analyst Exam Materials
Please note that the exam "NSE 5 - FortiAnalyzer 7.4 Analyst" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
It has been replaced by the exam "NSE 5 - FortiAnalyzer 7.6 Analyst Exam"
The new exam version is available on Brave-Dumps and can be purchased.
Question #1
Question #2
Why must you wait for several minutes before you run a playbook that you just created? (Choose one answer)
- A. FortiAnalyzer needs that time to parse the new playbook.
- B. FortiAnalyzer needs that time to back up the current playbooks.
- C. FortiAnalyzer needs that time to debug the new playbook.
- D. FortiAnalyzer needs that time to ensure there are no other playbooks running.
Question #3
Which statement about sending notifications with incident updates is true? (Choose one answer)
- A. Notifications can be sent only when an incident is updated or deleted.
- B. Notifications can be sent only by email.
- C. You can send notifications to multiple external platforms.
- D. If you use multiple fabric connectors, all connectors must have the same notification settings.
Question #4
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security? (Choose one answer)
- A. Outbreak alert services
- B. Incidents dashboard
- C. Threat hunting
- D. FortiView Monitor
Question #5
Which log will generate an event with the status Unhandled? (Choose one answer)
- A. A WebFilter log with action=dropped.
- B. An IPS log with action=pass.
- C. An AppControl log with action=blocked.
- D. An AV log with action=quarantine.
Question #6
What is the purpose of running the command diagnose sql status sqlreportd? (Choose one answer)
- A. To identify the database log insertion status
- B. To view a list of scheduled reports
- C. To list the current SQL processes running
- D. To display the SQL query connections and hcache status
Question #7
What can you conclude from this output? (Choose one answer)
- A. The allocated disk quota to ADOM1 is 3 GB.
- B. FGT-B is the Security Fabric root.
- C. Archive logs are using more space than analytic logs.
- D. There is no disk quota allocated to quarantining files.
Question #8
As part of your analysis, you discover that an incident is a false positive. You change the incident status to Closed: False Positive.
Which statement about your update is true? (Choose one answer)
- A. The incident will be deleted.
- B. The corresponding event will be marked as Mitigated.
- C. The incident number will be changed.
- D. The audit history log will be updated.
Question #9
Which statement describes archive logs on FortiAnalyzer? (Choose one answer)
- A. Logs compressed and saved in files with the .gz extension
- B. Logs that are indexed and stored in the SQL database
- C. Logs previously collected from devices that are offline
- D. Logs a FortiAnalyzer administrator can access in FortiView
Question #10
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two answers)
- A. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
- B. Enable device detection on the FortiGate devices that are sending logs to FortiAnalyzer.
- C. Make sure all endpoints are reachable by FortiAnalyzer.
- D. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
Which statement about the FortiSOAR management extension is correct? (Choose one answer)