Question 13

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)

Correct Answer:BD
Option B is correct because you must establish an IPsec tunnel ID and pre-shared key to secure the communication between FortiAnalyzer and FortiGate with IPsec12. The tunnel ID is a unique identifier for each tunnel and the pre-shared key is a secret passphrase that authenticates the peers.
Option D is correct because IPsec is only enabled through the CLI on FortiAnalyzer1. You cannot configure IPsec settings through the GUI on FortiAnalyzer.

Question 14

In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)

Correct Answer:AD
Pg 70: “after you add and register a FortiGate device with the FortiAnalyzer unit, you must also ensure that the FortiGate device is configured to send logs to the FortiAnalyzer unit.”
https://docs.fortinet.com/uploaded/files/4614/FortiAnalyzer-5.4.6-Administration Guide.pdf
Pg 45: “ADOMs must be enabled to support the logging and reporting of NON-FORTIGATE devices, such as FortiCarrier, FortiClientEMS, FortiMail, FortiWeb, FortiCache, and FortiSandbox.”

Question 15

How can you attach a report to an incident?

Correct Answer:C

Question 16

When you perform a system backup, what does the backup configuration contain? (Choose two.)

Correct Answer:BD
https://help.fortinet.com/fa/cli-olh/5-6-5/Content/Document/1400_execute/backup.htm

Question 17

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)

Correct Answer:AB

Question 18

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

Correct Answer:B
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 217: Threat hunting consists in proactively searching for suspicious or potentially risky network activity in your environment. The proactive approach will help administrator find any threats that might have eluded detection by the current security solutions or configurations.

START NSE5_FAZ-7.2 EXAM