Fortinet Fortinet NSE 5 - FortiAnalyzer 7.2 NSE5_FAZ-7.2 Exam Dumps: Updated Questions & Answers (October 2025)

In the case of a primary device failure, FortiAnalyzer HA uses the following rules to select a new primary:

• All cluster devices are assigned a priority from 80 to 120. The default priority is 100. If the primary device

becomes unavailable, the device with the highest priority is selected as the new primary device. For

example, a device with a priority of 110 is selected over a device with a priority of 100.

• If multiple devices have the same priority, the device whose primary IP address has the greatest value is

selected as the new primary device. For example, 123.45.67.124 is selected over 123.45.67.123.

• If a new device with a higher priority or a greater value IP address joins the cluster, the new device does

not replace (or pre-empt) the current primary device automatically.

FortiAnalyzer_7.0_Study_Guide-Online page 62

Pg 70: “after you add and register a FortiGate device with the FortiAnalyzer unit, you must also ensure that the FortiGate device is configured to send logs to the FortiAnalyzer unit.”

https://docs.fortinet.com/uploaded/files/4614/FortiAnalyzer-5.4.6-Administration%20Guide.pdf

Pg 45: “ADOMs must be enabled to support the logging and reporting of NON-FORTIGATE devices, such as FortiCarrier, FortiClientEMS, FortiMail, FortiWeb, FortiCache, and FortiSandbox.”

https://kb.fortinet.com/kb /documentLink.do?externalID=FD46446#:~:text=On%20FortiAnalyzer%2FFortiManager%20devices%20that,to%20exchanging%20the%20hard%20disk.

If a hard disk on a FortiAnalyzer unit fails, it must be replaced. On FortiAnalyzer devices that support hardware RAID, the hard disk can be replaced while the unit is still running – known as hot swapping. On FortiAnalyzer units with software RAID, the device must be shutdown prior to exchanging the hard disk.

On there the task was to create a filter for failed logins from any other location but the local computer: "Add the text performed_on!~10.0.1.10. This includes any attempts coming from devices with an IP address that is not the one configured on the Local-Client computer."

Option B is correct because you must establish an IPsec tunnel ID and pre-shared key to secure the communication between FortiAnalyzer and FortiGate with IPsec12. The tunnel ID is a unique identifier for each tunnel and the pre-shared key is a secret passphrase that authenticates the peers.

Option D is correct because IPsec is only enabled through the CLI on FortiAnalyzer1. You cannot configure IPsec settings through the GUI on FortiAnalyzer.