Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE5_FAZ-7.2 Topic 1 Question 13 Discussion

Actual exam question for Fortinet's NSE5_FAZ-7.2 exam
Question #: 13
Topic #: 1
[All NSE5_FAZ-7.2 Questions]

Refer to the exhibit.

Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1:

Which filter will achieve the desired result?

Show Suggested Answer Hide Answer
Suggested Answer: A

On there the task was to create a filter for failed logins from any other location but the local computer: 'Add the text performed_on!~10.0.1.10. This includes any attempts coming from devices with an IP address that is not the one configured on the Local-Client computer.'


Contribute your Thoughts:

Fatima
6 months ago
Interesting. Can you explain your reasoning for choosing B, Lucy?
upvoted 0 times
...
Lucy
6 months ago
I'm not sure. I think B might also be a valid option.
upvoted 0 times
...
Eva
6 months ago
Sure. D specifies the performed_on field matching GUI(10.1.1.210) and user not equal to admin, which covers the requirements.
upvoted 0 times
...
Fatima
6 months ago
Can you explain why you think D is the correct answer?
upvoted 0 times
...
Eva
6 months ago
I disagree. I believe the correct answer is D.
upvoted 0 times
...
Fatima
7 months ago
I think the answer is A.
upvoted 0 times
...
Ruthann
8 months ago
I was leaning towards option A, but now I'm not so sure. Let me re-read the question and the options again.
upvoted 0 times
...
Von
8 months ago
Hmm, I think the answer is option D. The 'performed_on' field specifies the source IP address, which in this case is Laptop1 (10.1.1.100), and the 'user!=admin' condition ensures we exclude the 'admin' user.
upvoted 0 times
...
Ines
8 months ago
Exactly. That's my understanding too. The key here is to use the right combination of filter fields to achieve the desired result.
upvoted 0 times
...
Annamaria
8 months ago
This question seems pretty straightforward, but I want to make sure I understand the requirements correctly. We need to configure a filter that matches all login attempts to the web interface, excluding the 'admin' user, and coming from Laptop1 with the IP address 10.1.1.100, right?
upvoted 0 times
Vesta
7 months ago
This filter does not match the requirement because it specifies a different IP address for the GUI.
upvoted 0 times
...
Levi
8 months ago
D) operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin
upvoted 0 times
...
Dahlia
8 months ago
No, this filter is not correct. It includes the 'admin' user and has a different source IP address.
upvoted 0 times
...
Selma
8 months ago
B) operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
upvoted 0 times
...
Laine
8 months ago
That's correct. This filter will match all login attempts to the web interface from Laptop1 excluding the 'admin' user.
upvoted 0 times
...
Effie
8 months ago
A) operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77