New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Fortinet FCP_FAZ_AD-7.4 FCP - FortiAnalyzer 7.4 Administrator Exam Practice Test

Page: 1 / 17
Total 171 questions

FCP - FortiAnalyzer 7.4 Administrator Questions and Answers

Question 1

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on

FortiAnalyzer has failed.

What is the recommended method to replace the disk?

Options:

A.

Shut down FortiAnalyzer and then replace the disk

B.

Downgrade your RAID level, replace the disk, and then upgrade your RAID level

C.

Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

D.

Perform a hot swap

Question 2

Which statement about the FortiSOAR management extension is correct?

Options:

A.

It requires a FortiManager configured to manage FortiGate

B.

It requires a dedicated FortiSOAR device or VM.

C.

It does not include a limited trial by default.

D.

It runs as a docker container on FortiAnalyzer

Question 3

What is the purpose of the FortiAnalyzer command diagnose system print netstat?

Options:

A.

It provides network statistics for active connections, including the protocols, IP addresses, and connection states.

B.

It provides the complete routing table, including directly connected routes.

C.

It provides the static DNS table, including the host names and their expiration timers.

D.

It provides NTP server information, including server IPs. stratum, poll time, and latency.

Question 4

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

Options:

A.

ADOMs are enabled by default.

B.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

C.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

D.

All administrators can create ADOMs--not just the admin administrator.

Question 5

FortiAnalyzer uses the Optimized Fabric Transfer Protocok (OFTP) over SSL for what purpose?

Options:

A.

To upload logs to an SFTP server

B.

To prevent log modification during backup

C.

To send an identical set of logs to a second logging server

D.

To encrypt log communication between devices

Question 6

Which two parameters impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)

Options:

A.

Total quota

B.

License type

C.

RAID level

D.

Disk size

Question 7

Which two statements regarding ADOM modes are true? (Choose two.)

Options:

A.

In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible.

B.

You can change ADOM modes only through the CLI.

C.

In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

D.

Normal mode is the default ADOM mode.

Question 8

An administrator has moved a FortiGate device from the root ADOM to ADOM1.

Which two statements are true regarding logs? (Choose two.)

Options:

A.

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

B.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

C.

Logs will be present in both ADOMs immediately after the move.

D.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the database.

Question 9

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

Options:

A.

Incidents dashboards

B.

Threat hunting

C.

FortiView Monitor

D.

Outbreak alert services

Question 10

Why run the command diagnose sql status sqlplugind?

Options:

A.

To list the current SQL processes running

B.

To check what is the database log insertion status

C.

To display the SOL query connections and hcache status

D.

To view the current hcache size

Question 11

What is the purpose of a dataset query in FortiAnalyzer?

Options:

A.

It sorts log data into tables

B.

It extracts the database schema

C.

It retrieves log data from the database

D.

It injects log data into the database

Question 12

Which two methods can you use to send event notifications when an event occurs that matches a configured

event handler? (Choose two.)

Options:

A.

SMS

B.

Email

C.

SNMP

D.

IM

Question 13

Which daemon is responsible for enforcing the log file size?

Options:

A.

sqlplugind

B.

logfiled

C.

miglogd

D.

ofrpd

Question 14

FortiAnalyzer centralizes which functions? (Choose three)

Options:

A.

Network analysis

B.

Graphical reporting

C.

Content archiving / data mining

D.

Vulnerability assessment

E.

Security log analysis / forensics

Question 15

How do you restrict an administrator’s access to a subset of your organization’s ADOMs?

Options:

A.

Set the ADOM mode to Advanced

B.

Assign the ADOMs to the administrator’s account

C.

Configure trusted hosts

D.

Assign the default Super_User administrator profile

Question 16

Refer to the exhibit.

Question # 16

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

Options:

A.

Report size will be optimized to conserve disk space on FortiAnalyzer.

B.

Reports will be cached in the memory.

C.

This feature is automatically enabled for scheduled reports.

D.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Question 17

An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.

What should the administrator do to solve this issue?

Options:

A.

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

B.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

C.

Use the execute sql-report run ADOM1 command to run a report.

D.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

Question 18

Refer to the exhibit.

Question # 18

Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1:

Which filter will achieve the desired result?

Options:

A.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & dstip==10.1.1.210 & userl-admin

D.

operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin

Question 19

An administrator has configured the following settings:

config system fortiview settings

set resolve-ip enable

end

What is the significance of executing this command?

Options:

A.

Use this command only if the source IP addresses are not resolved on FortiGate.

B.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

C.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

D.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Question 20

Which statements are correct regarding FortiAnalyzer reports? (Choose two)

Options:

A.

FortiAnalyzer provides the ability to create custom reports.

B.

FortiAnalyzer glows you to schedule reports to run.

C.

FortiAnalyzer includes pre-defined reports only.

D.

FortiAnalyzer allows reporting for FortiGate devices only.

Question 21

What must you consider when using log fetching? (Choose two.)

Options:

A.

The fetch client can retrieve logs from devices that are not added to its local Device Manager

B.

You can use filters to include only logs from a single device.

C.

The fetching profile must include a user with the Super_User profile.

D.

The archive logs retrieved from the server become archive logs in the client.

Question 22

Which statement describes a dataset in FortiAnalyzer?

Options:

A.

They determine what data is retrieved from the database.

B.

They provide the layout used for reports.

C.

They are used to set the data included in templates.

D.

They define the chart types to be used in reports.

Question 23

Which two statements are true regarding the outbreak detection service? (Choose two.)

Options:

A.

New alerts are received by email.

B.

Outbreak alerts are available on the root ADOM only.

C.

An additional license is required.

D.

It automatically downloads new event handlers and reports.

Question 24

Which SQL query is in the correct order to query the database in the FortiAnslyzer?

Options:

A.

SELECT devid FROM Slog GROOP BY devid WHERE * user' =* USERl'

B.

SELECT devid WHERE 'u3er'='USERl' FROM $ log GROUP BY devid

C.

SELECT devid FROM Slog- WHERE *user' =' USERl' GROUP BY devid

D.

FROM Slog WHERE 'user* =' USERl' SELECT devid GROUP BY devid

Question 25

What are two advantages of setting up fabric ADOM? (Choose two.)

Options:

A.

It can be used for fast data processing and log correlation

B.

It can be used to facilitate communication between devices in same Security Fabric

C.

It can include all Fortinet devices that are part of the same Security Fabric

D.

It can include only FortiGate devices that are part of the same Security Fabric

Question 26

Refer to the exhibit.

Question # 26

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

C.

This feature allows you to build a chart under FortiView.

D.

You can add charts to generated reports using this feature.

Question 27

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

Options:

A.

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

B.

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

C.

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

D.

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

Question 28

In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.

How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?

Options:

A.

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

B.

Configure # set resolve-ip enable in the system FortiView settings

C.

Configure local DNS servers on FortiAnalyzer

D.

Resolve IP addresses on FortiGate

Question 29

If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?

Options:

A.

The configured IP address is checked first.

B.

The active port number is checked first.

C.

The firmware version is checked first.

D.

The configured priority is checked first

Question 30

What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)

Options:

A.

The size of newly generated reports is optimized to conserve disk space.

B.

FortiAnalyzer local cache is used to store generated reports.

C.

When new logs are received, the hard-cache data is updated automatically.

D.

The generation time for reports is decreased.

Question 31

Refer to the exhibit.

Question # 31

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

Options:

A.

FortiAnalyzer1 and FortiAnalyzer3

B.

All devices listed can be members.

C.

FortiAnalyzer1 and FortiAnalyzer2

D.

FortiAnalyzer2 and FortiAnalyzer3

Question 32

What are two benefits of using fabric connectors? (Choose two.)

Options:

A.

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

B.

You do not need an additional license to send logs to the cloud platform.

C.

Fabric connectors allow you to improve redundancy.

D.

Using fabric connectors is more efficient than using third-party polling with API.

Question 33

Refer to the exhibit.

Question # 33

The exhibit shows the creation of a new administrator on FortiAnalyzer. The new account uses the credentials stored on an LDAP server.

Why would an administrator configure a password for this account?

Options:

A.

This password is used if the authentication server becomes unreachable.

B.

This password authenticates FortiAnalyzer aqainst the LDAP server.

C.

This password is set to comply with FortiAnalvzer password policy

D.

This password is required because this is a restricted user.

Question 34

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

Options:

A.

FROM

B.

LIMIT

C.

WHERE

D.

ORDER BY

Question 35

Which daemon is responsible for enforcing raw log file size?

Options:

A.

logfiled

B.

oftpd

C.

sqlplugind

D.

miglogd

Question 36

An administrator fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mall server that can be used to send email.

What could be the problem?

Options:

A.

Fortinet is assigned the Standard_ User administrator profile.

B.

A trusted host is configured.

C.

ADOM mode is configured with Advanced mode.

D.

Fortinet is assigned the Restricted_ User administrator profile.

Question 37

What remote authentication servers can you configure to validate your FortiAnalyzer administrator logons? (Choose three)

Options:

A.

RADIUS

B.

Local

C.

LDAP

D.

PKI

E.

TACACS+

Question 38

Refer to the exhibit.

Question # 38

What is the purpose of configuring FortiAnalyzer with the settings displayed in the image?

Options:

A.

To increase reliability

B.

To expand bandwidth

C.

To maximize resiliency

D.

To improve security

Question 39

View the exhibit:

Question # 39

What does the 1000MB maximum for disk utilization refer to?

Options:

A.

The disk quota for the FortiAnalyzer model

B.

The disk quota for all devices in the ADOM

C.

The disk quota for each device in the ADOM

D.

The disk quota for the ADOM type

Question 40

Which statement about the communication between FortiGate high availability (HA) clusters and FortiAnalyzer is true?

Options:

A.

If devices were registered to FortiAnalyzer before forming a cluster, you can manually add them together.

B.

FortiAnalyzer distinguishes each cluster member by the IP addresses in log message headers.

C.

If the HA primary device becomes unavailable, you must remove it from the HA cluster list on FortiAnalyzer.

D.

The FortiGate HA cluster must be in active-passive mode in order to avoid conflict.

Question 41

Refer to the exhibit.

Question # 41

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.

To add a new chart under FortiView to be used in new reports

B.

To build a dataset and chart automatically, based on the filtered search results

C.

To add charts directly to generate reports in the current ADOM

D.

To build a chart automatically based on the top 100 log entries

Question 42

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate on FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

Options:

A.

A local wildcard administrator account

B.

An administrator group

C.

One or more remote LDAP servers

D.

LDAP servers IP addresses added as trusted hosts

Question 43

Refer to the exhibit, which shows the HA configuration settings of a FortiAnalyzer device.

Question # 43

The administrator wants to join this FortiAnalyzer to an existing HA cluster. What can you conclude from the configuration displayed?

Options:

A.

After joining the cluster, this FortiAnalyzer will forward received logs to its peers.

B.

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

C.

This FortiAnalyzer is configured to route HA traffic through a gateway.

D.

This FortiAnalyzer will join the existing HA cluster as the secondary.

Question 44

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

Options:

A.

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

B.

FortiAnalyzer flags the associated host for further analysis.

C.

A new Infected entry is added for the corresponding endpoint.

D.

The detection engine classifies those logs as Suspicious

Question 45

Why must you wait for several minutes before you run a playbook that you just created?

Options:

A.

FortiAnalyzer needs that time to parse the new playbook.

B.

FortiAnalyzer needs that time to back up the current playbooks.

C.

FortiAnalyzer needs that time to ensure there are no other playbooks running.

D.

FortiAnalyzer needs that time to debug the new playbook.

Question 46

Which three RAID configurations provide fault tolerance on FortiAnalyzer? (Choose three.)

Options:

A.

RAIDO

B.

RAID 5

C.

RAID1

D.

RAID 6+0

E.

RAID 0+0

Question 47

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

Options:

A.

A local wildcard administrator account

B.

A remote LDAP server

C.

A trusted host profile that restricts access to the LDAP group

D.

An administrator group

Question 48

For which two purposes would you use the command set log checksum? (Choose two.)

Options:

A.

To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server

B.

To prevent log modification or tampering

C.

To encrypt log communications

D.

To send an identical set of logs to a second logging server

Question 49

View the exhibit.

Question # 49

Why is the total quota less than the total system storage?

Options:

A.

3.6% of the system storage is already being used.

B.

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

C.

The oftpd process has not archived the logs yet

D.

The logfiled process is just estimating the total quota

Question 50

Which log will generate an event with the status Contained?

Options:

A.

An IPS log with action=pass.

B.

A WebFilter log with action=dropped.

C.

An AV log with action=quarantine.

D.

An AppControl log with action=blocked.

Question 51

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data

policy.

What is the most likely problem?

Options:

A.

CPU resources are too high

B.

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

C.

The total disk space is insufficient and you need to add other disk

D.

The ADOM disk quota is set too low, based on log rates

Page: 1 / 17
Total 171 questions