Chat now
Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE5_FAZ-7.2 Topic 1 Question 13 Discussion

Actual exam question for Fortinet's NSE5_FAZ-7.2 exam
Question #: 13
Topic #: 1
[All NSE5_FAZ-7.2 Questions]

What are offline logs on FortiAnalyzer?

Show Suggested Answer Hide Answer
Suggested Answer: A

On there the task was to create a filter for failed logins from any other location but the local computer: 'Add the text performed_on!~10.0.1.10. This includes any attempts coming from devices with an IP address that is not the one configured on the Local-Client computer.'


by Elke at Feb 07, 2024, 07:04 PM

Limited Time Offer

25%

Off

Get Premium NSE5_FAZ-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Fatima
11 months ago
Interesting. Can you explain your reasoning for choosing B, Lucy?
upvoted 0 times
...
Lucy
11 months ago
I'm not sure. I think B might also be a valid option.
upvoted 0 times
...
Eva
11 months ago
Sure. D specifies the performed_on field matching GUI(10.1.1.210) and user not equal to admin, which covers the requirements.
upvoted 0 times
...
Fatima
11 months ago
Can you explain why you think D is the correct answer?
upvoted 0 times
...
Eva
12 months ago
I disagree. I believe the correct answer is D.
upvoted 0 times
...
Fatima
1 years ago
I think the answer is A.
upvoted 0 times
...
Ruthann
1 years ago
I was leaning towards option A, but now I'm not so sure. Let me re-read the question and the options again.
upvoted 0 times
...
Von
1 years ago
Hmm, I think the answer is option D. The 'performed_on' field specifies the source IP address, which in this case is Laptop1 (10.1.1.100), and the 'user!=admin' condition ensures we exclude the 'admin' user.
upvoted 0 times
...
Ines
1 years ago
Exactly. That's my understanding too. The key here is to use the right combination of filter fields to achieve the desired result.
upvoted 0 times
...
Annamaria
1 years ago
This question seems pretty straightforward, but I want to make sure I understand the requirements correctly. We need to configure a filter that matches all login attempts to the web interface, excluding the 'admin' user, and coming from Laptop1 with the IP address 10.1.1.100, right?
upvoted 0 times
Vesta
1 years ago
This filter does not match the requirement because it specifies a different IP address for the GUI.
upvoted 0 times
...
Levi
1 years ago
D) operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin
upvoted 0 times
...
Dahlia
1 years ago
No, this filter is not correct. It includes the 'admin' user and has a different source IP address.
upvoted 0 times
...
Selma
1 years ago
B) operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
upvoted 0 times
...
Laine
1 years ago
That's correct. This filter will match all login attempts to the web interface from Laptop1 excluding the 'admin' user.
upvoted 0 times
...
Effie
1 years ago
A) operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin
upvoted 0 times
...
...

Save Cancel
a