Exam NSE5_FAZ-7.2 topic 1 question 19 discussion

Actual exam question from Fortinet's NSE5_FAZ-7.2
Question #: 19
Topic #: 1

Refer to the exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than “admin”, and coming from Laptop1.
Which filter will achieve the desired result?

  • A. operation~login & dstip==10.1.1.210 & user!~admin
  • B. operation~login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
  • C. operation~login & performed_on=="GUI(10.1.1.210)" & user!=admin
  • D. operation~login & performed_on=="GUI(10.1.1.100)" & user!=admin
Suggested Answer: D

Comments

sandfred
1 year, 1 month ago
Selected Answer: D
Similar example from FortiAnalyzer 7.0 Lab Guide, page 85:

Edit the generic text filter with user==admin to match any login attempts with that user.

4. Add the text operation=="login failed" to match only failed login attempts. If you don't include this condition, you will get more matches than what is required.

5. Add the text performed_on!~10.0.1.10. This includes any attempts coming from devices with an IP address that is not the one configured on the Local-Client computer. You need this syntax because the requirements do not specify the method the attacker uses to try to access FortiAnalyzer. If you were looking only for attempts using a browser, you could use performed_on!="GUI(10.0.1.10)" instead. If you were looking only for attempts using SSH, you could use performed_on!="ssh(10.0.1.10)" instead.

6. Combine the three conditions with a logical and.

operation=="login failed" & user==admin & performed_on!~10.0.1.10
upvoted 4 times
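
The difference between the exact and "contains" operators discussed above can be checked offline. The sketch below is an added example, not code from the exam page, the lab guide or Fortinet. It assumes `~`/`!~` mean contains/does not contain, that `==`/`!=` are exact, case-sensitive comparisons, and that Laptop1 is 10.1.1.100 (the exhibit is not reproduced on this page); the log records are constructed.

```python
import re

# field, operator, then a quoted or bare value (two-character operators listed first)
COND = re.compile(r'\s*(\w+)\s*(==|!=|!~|~)\s*(?:"([^"]*)"|(\S+))\s*$')

def matches(filter_text, log):
    """True if every '&'-joined condition holds for one log record."""
    for cond in filter_text.split("&"):
        m = COND.match(cond)
        if not m:
            raise ValueError(f"unparsable condition: {cond!r}")
        field, op, quoted, bare = m.groups()
        want = quoted if quoted is not None else bare
        have = log.get(field, "")
        ok = {"==": have == want, "!=": have != want,
              "~": want in have, "!~": want not in have}[op]
        if not ok:
            return False
    return True

# Constructed sample records, not real FortiAnalyzer output.
LOGS = [
    {"user": "admin",  "operation": "login",        "performed_on": "GUI(10.1.1.100)"},
    {"user": "alice",  "operation": "login failed", "performed_on": "GUI(10.1.1.100)"},
    {"user": "admin2", "operation": "login",        "performed_on": "GUI(10.1.1.100)"},
    {"user": "bob",    "operation": "login",        "performed_on": "ssh(10.1.1.100)"},
    {"user": "carol",  "operation": "login",        "performed_on": "GUI(10.1.1.50)"},
]

def users(filter_text):
    """Users whose records match the filter, in LOGS order."""
    return [log["user"] for log in LOGS if matches(filter_text, log)]

# Exact user and exact access method (the form of option D).
EXACT = 'operation~login & performed_on=="GUI(10.1.1.100)" & user!=admin'
# "Does not contain" also drops any user name that merely includes "admin".
NOT_CONTAINS = 'operation~login & performed_on=="GUI(10.1.1.100)" & user!~admin'
# "Contains" on performed_on matches the IP regardless of access method.
ANY_METHOD = 'operation~login & performed_on~10.1.1.100 & user!=admin'

if __name__ == "__main__":
    for f in (EXACT, NOT_CONTAINS, ANY_METHOD):
        print(f, "->", users(f))
```
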