New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Fortinet FCP_FAZ_AN-7.4 FCP - FortiAnalyzer 7.4 Analyst Exam Practice Test

Page: 1 / 6
Total 56 questions

FCP - FortiAnalyzer 7.4 Analyst Questions and Answers

Question 1

Which two statements about playbook execution are true? (Choose two)

Options:

A.

FortiAnalyzer will not commit changes made by a Failed playbook

B.

The Playbook Monitor provides troubleshooting logs

C.

You can

O Even I the playbook status is Failed, individual tasks may have succeeded.

Question 2

Refer to the exhibit with partial output:

Question # 2

Your colleague exported a playbook and has sent it to you for review. You open the file in a text editor and observer the output as shown in the exhibit.

Which statement about the export is true?

Options:

A.

The export data type is zipped.

B.

The playbook is misconfigured.

C.

The option to include the connector was not selected.

D.

Your colleague put a password on the export.

Question 3

Exhibit.

Question # 3

Based on the partial outputs displayed, which devices can be members of a FotiAnalyzer Fabric?

Options:

A.

FortiAnalayzer1 and FortiAnalyzer3

B.

FortiAnalyzer1 and FortiAnalyzer2

C.

FortiAnalyzer2 and FortiAnalyzer3

D.

All devices listed can be members.

Question 4

Which log will generate an event with the status Contained?

Options:

A.

An AV log with action=quarantine.

B.

An IPS log with action=pass.

C.

A WebFilter log will action=dropped.

D.

An AppControl log with action=blocked.

Question 5

You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been uncuccessful.

Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

Options:

A.

Open .gz log files in FortiView.

B.

Rebuild the SQL database and check FortiView.

C.

Review the ADOM data policy

D.

Check logs in the Log Browse

Question 6

Which statement regarding macros on FortiAnalyzer is true?

Options:

A.

Macros are predefined templates for reports and cannot be customized.

B.

Macros are useful in generating excel log files automatically based on the report settings.

C.

Macros are ADOM-specific and each ADOM type have unique macros relevant to that ADOM.

D.

Macros are supported only on the FortiGate ADOMs.

Question 7

Exhibit.

Question # 7

What does the data point at 12:20 indicate?

Options:

A.

The log insert log time is increasing.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The performance of FortiAnalyzer is below the baseline.

D.

The sqiplugind service is caught up with the logs

Question 8

Exhibit.

Question # 8

A fortiAnalyzer analyst is customizing a SQL query to use in a report.

Which SQL query should the analyst run to get the expected results?

A)

Question # 8

B)

Question # 8

C)

Question # 8

D)

Question # 8

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 9

Exhibit.

Question # 9

What is the purpose of using the Chart Builder feature On FortiAnalyzer?

Options:

A.

To build a chart automatically based on the top 100 log entries

B.

To add charts directly to generate reports in the current ADOM.

C.

To add a new chart under FortiView to be used in new reports

D.

To build a dataset and chart based on the filtered search results

Question 10

Exhibit.

Question # 10

Which statement about the event displayed is correct?

Options:

A.

The risk source is isolated.

B.

The security risk was blocked or dropped.

C.

The security event risk is considered open.

D.

An incident was created from this event.

Question 11

Exhibit.

Question # 11

Laptop1 is used by several administrators to manage FotiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than admin’’, and coming from Laptop1.

Which filter will achieve the desired result?

Options:

A.

Operation-login and performed_on==’’GUI(10.1.1.100)’ and user!=admin

B.

Operation-login and performed_on==’’GU (10.1.1.120)’ and user!=admin

C.

Operation-login and srcip== 10.1.1.100 and dstip==10.1.1.1.210 and user==admin

D.

Operation-login and dstip==10.1.1.210 and user!-admin

Question 12

You need to move reports between two ADOMs.

Which two statements are true? (Choose two.)

Options:

A.

The ADOMs must be compatible types.

B.

The data and time will be appointed to the original report name to avoid conflicts.

C.

All charts and datasets associated with the report will be imported together.

D.

You need to convert the reports into templates first.

Question 13

What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)

Options:

A.

The generation time for reports is decreased.

B.

When new logs are received, the hard-cache data is updated automatically.

C.

FortiAnalyzer local cache is used to store generated reports.

D.

The size of newly generated reports is optimized to conserve disk space.

Question 14

Which two statements about exporting and importing playbacks are true? (Choose two.)

Options:

A.

A playbook that was disabled when it was exported mil be disabled when it is imported.

B.

Playbooks can so imported 10 a different FortiAnayzer device, but only if the connectors already exist

C.

You can import a playbook even if there is another one win the same name in the destination

D.

You can export only one playbook at a time.

Question 15

Refer to Exhibit:

Question # 15

What does the data point at 21:20 indicate?

Options:

A.

FortiAnalyzer is indexing logs faster than logs are being received.

B.

The fortilogd daemon is ahead in indexing by one log.

C.

The SQL database requires a rebuild because of high receive lag.

D.

FortiAnalyzer is temporarily buffering received logs so older logs can be indexed first.

Question 16

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

Options:

A.

FortiView Monitor

B.

Outbreak alert services

C.

Incidents dashboard

D.

Threat hunting

Page: 1 / 6
Total 56 questions