Fortinet FCP_FAZ_AD-7.4 FCP - FortiAnalyzer 7.4 Administrator Exam Practice Test

Shut down FortiAnalyzer and then replace the disk

Downgrade your RAID level, replace the disk, and then upgrade your RAID level

Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

Perform a hot swap

It requires a FortiManager configured to manage FortiGate

It requires a dedicated FortiSOAR device or VM.

It does not include a limited trial by default.

It runs as a docker container on FortiAnalyzer

It provides network statistics for active connections, including the protocols, IP addresses, and connection states.

It provides the complete routing table, including directly connected routes.

It provides the static DNS table, including the host names and their expiration timers.

It provides NTP server information, including server IPs. stratum, poll time, and latency.

ADOMs are enabled by default.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

All administrators can create ADOMs--not just the admin administrator.

To upload logs to an SFTP server

To prevent log modification during backup

To send an identical set of logs to a second logging server

To encrypt log communication between devices

Total quota

License type

RAID level

Disk size

In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible.

You can change ADOM modes only through the CLI.

In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

Normal mode is the default ADOM mode.

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

Logs will be present in both ADOMs immediately after the move.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the database.

Incidents dashboards

Threat hunting

FortiView Monitor

Outbreak alert services

To list the current SQL processes running

To check what is the database log insertion status

To display the SOL query connections and hcache status

To view the current hcache size

It sorts log data into tables

It extracts the database schema

It retrieves log data from the database

It injects log data into the database

SMS

Email

SNMP

IM

sqlplugind

logfiled

miglogd

ofrpd

Network analysis

Graphical reporting

Content archiving / data mining

Vulnerability assessment

Security log analysis / forensics

Set the ADOM mode to Advanced

Assign the ADOMs to the administrator’s account

Configure trusted hosts

Assign the default Super_User administrator profile

Report size will be optimized to conserve disk space on FortiAnalyzer.

Reports will be cached in the memory.

This feature is automatically enabled for scheduled reports.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

Use the execute sql-report run ADOM1 command to run a report.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

operation-login & dstip==10.1.1.210 & userl-admin

operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin

Use this command only if the source IP addresses are not resolved on FortiGate.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

FortiAnalyzer provides the ability to create custom reports.

FortiAnalyzer glows you to schedule reports to run.

FortiAnalyzer includes pre-defined reports only.

FortiAnalyzer allows reporting for FortiGate devices only.

The fetch client can retrieve logs from devices that are not added to its local Device Manager

You can use filters to include only logs from a single device.

The fetching profile must include a user with the Super_User profile.

The archive logs retrieved from the server become archive logs in the client.

They determine what data is retrieved from the database.

They provide the layout used for reports.

They are used to set the data included in templates.

They define the chart types to be used in reports.

New alerts are received by email.

Outbreak alerts are available on the root ADOM only.

An additional license is required.

It automatically downloads new event handlers and reports.

SELECT devid FROM Slog GROOP BY devid WHERE * user' =* USERl'

SELECT devid WHERE 'u3er'='USERl' FROM $ log GROUP BY devid

SELECT devid FROM Slog- WHERE *user' =' USERl' GROUP BY devid

FROM Slog WHERE 'user* =' USERl' SELECT devid GROUP BY devid

It can be used for fast data processing and log correlation

It can be used to facilitate communication between devices in same Security Fabric

It can include all Fortinet devices that are part of the same Security Fabric

It can include only FortiGate devices that are part of the same Security Fabric

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

This feature allows you to build a chart under FortiView.

You can add charts to generated reports using this feature.

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Configure # set resolve-ip enable in the system FortiView settings

Configure local DNS servers on FortiAnalyzer

Resolve IP addresses on FortiGate

The configured IP address is checked first.

The active port number is checked first.

The firmware version is checked first.

The configured priority is checked first

The size of newly generated reports is optimized to conserve disk space.

FortiAnalyzer local cache is used to store generated reports.

When new logs are received, the hard-cache data is updated automatically.

The generation time for reports is decreased.

FortiAnalyzer1 and FortiAnalyzer3

All devices listed can be members.

FortiAnalyzer1 and FortiAnalyzer2

FortiAnalyzer2 and FortiAnalyzer3

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

You do not need an additional license to send logs to the cloud platform.

Fabric connectors allow you to improve redundancy.

Using fabric connectors is more efficient than using third-party polling with API.

This password is used if the authentication server becomes unreachable.

This password authenticates FortiAnalyzer aqainst the LDAP server.

This password is set to comply with FortiAnalvzer password policy

This password is required because this is a restricted user.

FROM

LIMIT

WHERE

ORDER BY

logfiled

oftpd

sqlplugind

miglogd

Fortinet is assigned the Standard_ User administrator profile.

A trusted host is configured.

ADOM mode is configured with Advanced mode.

Fortinet is assigned the Restricted_ User administrator profile.

RADIUS

Local

LDAP

PKI

TACACS+

To increase reliability

To expand bandwidth

To maximize resiliency

To improve security

The disk quota for the FortiAnalyzer model

The disk quota for all devices in the ADOM

The disk quota for each device in the ADOM

The disk quota for the ADOM type

If devices were registered to FortiAnalyzer before forming a cluster, you can manually add them together.

FortiAnalyzer distinguishes each cluster member by the IP addresses in log message headers.

If the HA primary device becomes unavailable, you must remove it from the HA cluster list on FortiAnalyzer.

The FortiGate HA cluster must be in active-passive mode in order to avoid conflict.

To add a new chart under FortiView to be used in new reports

To build a dataset and chart automatically, based on the filtered search results

To add charts directly to generate reports in the current ADOM

To build a chart automatically based on the top 100 log entries

A local wildcard administrator account

An administrator group

One or more remote LDAP servers

LDAP servers IP addresses added as trusted hosts

After joining the cluster, this FortiAnalyzer will forward received logs to its peers.

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

This FortiAnalyzer is configured to route HA traffic through a gateway.

This FortiAnalyzer will join the existing HA cluster as the secondary.

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

FortiAnalyzer flags the associated host for further analysis.

A new Infected entry is added for the corresponding endpoint.

The detection engine classifies those logs as Suspicious

FortiAnalyzer needs that time to parse the new playbook.

FortiAnalyzer needs that time to back up the current playbooks.

FortiAnalyzer needs that time to ensure there are no other playbooks running.

FortiAnalyzer needs that time to debug the new playbook.

RAIDO

RAID 5

RAID1

RAID 6+0

RAID 0+0

A local wildcard administrator account

A remote LDAP server

A trusted host profile that restricts access to the LDAP group

An administrator group

To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server

To prevent log modification or tampering

To encrypt log communications

To send an identical set of logs to a second logging server

3.6% of the system storage is already being used.

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

The oftpd process has not archived the logs yet

The logfiled process is just estimating the total quota

An IPS log with action=pass.

A WebFilter log with action=dropped.

An AV log with action=quarantine.

An AppControl log with action=blocked.

CPU resources are too high

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

The total disk space is insufficient and you need to add other disk

The ADOM disk quota is set too low, based on log rates