NSE6_FAZ-7.2 Free Practice Test

In a Fortinet Security Fabric, what can make an upstream FortiGate create traffic logs associated with sessions initiated on downstream FortiGate devices?

1. A. The traffic destination is another FoitiGate in the fabric.
2. B. Log redundancy is configured in the fabric.
3. C. The upstream FortiGate is configured to do NAT.
4. D. The downstream device cannot connect to FortiAnalyzer.

Correct Answer: D
In a Fortinet Security Fabric, an upstream FortiGate may create traffic logs for sessions initiated on downstream FortiGate devices if the downstream device is unable to connect to FortiAnalyzer. This allows for continuity of logging and ensures that session logs are captured and stored even if the downstream device loses its connection to the log management system.References:FortiAnalyzer 7.4.1 Administration Guide, "Fortinet Security Fabric" section.

Which two statements are true regarding FortiAnalyzer system backups? (Choose two.)

1. A. Existing reports can be included in the backup files.
2. B. The system reserves at least 5% to 20% disk space for backup files.
3. C. Scheduled system backups can be configured only from the CLI.
4. D. Backup files can be uploaded to SCP and SFTP servers.

Correct Answer: AD
FortiAnalyzer allows for the inclusion of existing reports in the backup files, providing a comprehensive backup of configurations and data. Additionally, the backup files can be configured to be uploaded to SCP and SFTP servers, ensuring secure transfer and offsite storage of backup data. This can be configured both in the GUI and the CLI, providing flexibility in how backups are scheduled and managed.References:FortiAnalyzer 7.4.1 Administration Guide, "Scheduling automatic backups" section.

After you have moved a registered logging device out of one ADOM and into a new ADOM, you run the following command: execute sql-local rebuild-adom
What is the purpose of running this CLI command?

1. A. To reset the ADOM disk quota enforcement to its default value
2. B. To migrate the archive logs to the new ADOM
3. C. To populate the new ADOM with analytical logs for the moved device, so you can run reports
4. D. To remove the analytics logs of the device from the old database

Correct Answer: C
When you move a registered logging device from one ADOM (Administrative Domain) to another in FortiAnalyzer, it's essential to ensure that the analytical logs for the moved device are available in the new ADOM to maintain continuity in reporting and log analysis. The commandexecute sql-local rebuild-adom < new-ADOM-name>is used specifically for this purpose. Running this command populates the new ADOM with the analytical logs of the moved device, enabling you to generate accurate and comprehensive reports based on the historical data of the device in its new ADOM context. This process ensures that the transition of devices between ADOMs does not lead to a loss of analytical insight or reporting capabilities for the device's traffic and events.

What is true about a FortiAnalyzer Fabric?

1. A. Supervisors support HA.
2. B. Members events can be raised from the supervisor.
3. C. The supervisor and members cannot be in different time zones
4. D. The members send their logs to the supervisor.

Correct Answer: D
In a FortiAnalyzer Fabric, the FortiAnalyzer can recognize a Security Fabric group of devices, and it supports the Security Fabric by storing and analyzing logs from these units as if they were from a single device. The members of the Security Fabric group send their logs to the FortiAnalyzer, which acts as a supervisor for log storage and analysis, providing a centralized point of visibility and control over the logs.References:FortiAnalyzer 7.4.1 Administration Guide, "Security Fabric" section.