● NSE 5 - FortiAnalyzer 7.4 Analyst Exam Materials
Please note that the exam "NSE 5 - FortiAnalyzer 7.4 Analyst" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 5 - FortiAnalyzer 7.6 Analyst Exam"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 5 - FortiAnalyzer 7.6 Analyst Exam"
The new exam version is available on Brave-Dumps and can be purchased.
Question #41
Question #42
When managing incidents on FortiAnalyzer, what must an analyst be aware of? (Choose one answer)
- A. Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour.
- B. The status of the incident is always linked to the status of the attached event.
- C. You can manually attach generated reports to incidents.
- D. Incidents must be acknowledged before they can be analyzed.
Question #43
You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been unsuccessful.
Which two tasks should you perform to investigate why you are having this issue?
(Choose two answers)
- A. Open .gz log files in FortiView.
- B. Rebuild the SQL database and check FortiView.
- C. Review the ADOM data policy.
- D. Check logs in the Log Browse.
Question #44
What is the purpose of running the command diagnose sql status sqlplugind? (Choose one answer)
- A. To list the current SQL processes running
- B. To display the SQL query connections and hcache status
- C. To view the current hcache size
- D. To identify the database log insertion status
Question #45
What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses? (Choose one answer)
- A. The endpoint is marked as Compromised and, optionally, can be put in quarantine.
- B. A new Infected entry is added for the corresponding endpoint under Compromised Hosts.
- C. The detection engine classifies those logs as Suspicious.
- D. FortiAnalyzer flags the associated host for further analysis.
Question #46
What is the purpose of playbook trigger variables? (Choose one answer)
- A. To provide the trigger information to make the playbook start running
- B. To use information from the trigger to filter the action in a task
- C. To display statistics about the playbook runtime
- D. To store the start times of playbooks with On Schedule triggers
Question #47
Which two statements regarding FortiAnalyzer operating modes are true? (Choose two answers)
- A. You can create and edit reports when FortiAnalyzer is running in collector mode
- B. FortiAnalyzer runs in collector mode by default unless it is configured for HA.
- C. A topology with FortiAnalyzer devices running in both modes can improve their performance.
- D. When running in collector mode, FortiAnalyzer can forward logs to a syslog server.
Question #48
Which statement about the FortiSIEM management extension is correct? (Choose one answer)
- A. It requires a licensed FortiSIEM supervisor.
- B. Its use of the available disk space is capped at 50%.
- C. It can be installed as a dedicated VM.
- D. It allows you to manage the entire life cycle of a threat or breach.
Question #49
Which log will generate an event with the status *Contained*? (Choose one answer)
- A. An AppControl log with action=blocked
- B. An AV log with action=quarantine
- C. An IPS log with action=pass
- D. A WebFilter log with action=dropped
Question #50
Which statement about the displayed event is correct? (Choose one answer)
- A. An incident was created from this event.
- B. The security event risk is considered open.
- C. The security risk was blocked or dropped.
- D. The risk source is isolated.
Assume these are all the events that exist on the FortiAnalyzer device.
How many events will be added to the incident created after running this playbook? (Choose one answer)