● NSE 5 - FortiAnalyzer 7.4 Analyst Exam Materials

Please note that the exam "NSE 5 - FortiAnalyzer 7.4 Analyst" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
It has been replaced by the exam "NSE 5 - FortiAnalyzer 7.6 Analyst Exam".

The new exam version is available on Brave-Dumps and can be purchased.




Question #31

Which statement correctly describes one difference between templates and reports? (Choose one answer)

  • A. Templates are mapped to device groups, while reports are mapped to ADOMs.
  • B. Reports support macros, but templates do not.
  • C. Reports provide more configuration options than templates.
  • D. Templates can be cloned, but reports cannot be cloned.

Question #32

Which statement about exporting items in Report Definitions is true? (Choose one answer)

  • A. Templates can be exported.
  • B. Chart exports contain associated datasets.
  • C. Datasets can be exported.
  • D. Template exports contain associated charts and datasets.

Question #33

What is the purpose of using data selectors when configuring event handlers? (Choose one answer)

  • A. They apply their filter criteria to the entire event handler so that you don’t have to configure the same criteria in the individual rules.
  • B. They filter the types of logs that FortiAnalyzer can accept from registered devices.
  • C. They download new filters that can be used in event handlers.
  • D. They are common filters that can be applied simultaneously to all event handlers.

Question #34

Which statement about automation connectors in FortiAnalyzer is true? (Choose one answer)

  • A. The actions available with FortiOS connectors are determined by automation rules configured on FortiGate.
  • B. The local connector becomes available after you configure any external connector.
  • C. An ADOM with the Fabric type comes with multiple connectors configured.
  • D. The SOC module must be enabled before external connectors are displayed.

Question #35

Client-1 is trying to access the internet for web browsing.

All FortiGate devices in the topology are part of a Security Fabric with logging to FortiAnalyzer configured. All firewall policies have logging enabled. All web filter profiles are configured to log only violations.

Which statement about the logging behavior for this specific traffic flow is true? (Choose one answer)

  • A. FGT-A will see the MAC address of FGT-B in the packets and know it does not need to log this flow.
  • B. FGT-A will create logs for web filter events only if FGT-B did not already detect a violation.
  • C. Both FGT-A and FGT-B will create traffic logs.
  • D. Only FGT-A will create traffic logs.

Question #36

You are trying to configure a task in the playbook editor to run a report.
However, when you try to select the desired playbook, you do not see it listed.
What is the reason? (Choose one answer)

  • A. The report has no results and must be reconfigured.
  • B. You must create a trigger to run the report first.
  • C. The report does not have auto-cache and extended log filtering enabled.
  • D. The playbook is currently running and will be available after it is finished.

Question #37

Refer to the exhibit.

A FortiAnalyzer analyst is customizing a SQL query to use in a report.

Which SQL query should the analyst run to get the expected results? (Choose one answer)

  • A. SELECT srcip AS "Source IP", dstport AS "Destination Port" ORDER BY dstport DESC GROUP BY srcip, dstport FROM $log WHERE $filter AND srcip = '10.0.1.10'
  • B. SELECT srcip AS "Source IP", dstport AS "Destination Port" FROM $log WHERE $filter AND srcip = '10.0.1.10' GROUP BY srcip, dstport ORDER BY dstport DESC
  • C. SELECT srcip AS "Source IP", dstport AS "Destination Port" FROM $log WHERE $filter AND Source IP != '10.0.1.10' GROUP BY srcip, dstport ORDER BY dstport DESC
  • D. SELECT srcip AS "Source IP", dstport AS "Destination Port" FROM $log WHERE $filter AND srcip = '10.0.1.10' ORDER BY dstport GROUP BY srcip, dstport DESC

Question #38

Refer to the exhibit with partial output. Your colleague exported a playbook and has sent it to you for review. You open the file in a text editor and observe the output as shown in the exhibit.

Which statement about the export is true? (Choose one answer)

  • A. The export data type is zipped.
  • B. The playbook is misconfigured.
  • C. Your colleague put a password on the export.
  • D. The option to include the connector was not selected.

Question #39

As part of your analysis, you discover that a Medium severity level incident is fully remediated.

You change the incident status to Closed: Remediated.

Which statement about your update is true? (Choose one answer)

  • A. The Incidents dashboards will be updated.
  • B. The incident can no longer be deleted.
  • C. The incident severity will be lowered.
  • D. The corresponding event will be marked as Mitigated.

Question #40

Refer to the exhibit. What can you conclude about the output? (Choose one answer)

  • A. The log rate being higher than the message rate is not normal.
  • B. The low indexing values require investigation.
  • C. There are more event logs than traffic logs.
  • D. The output is not ADOM specific.