Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Fortinet
  3. Fortinet Network Security Expert
  4. FCP_FAZ_AD-7.4 - FCP - FortiAnalyzer 7.4 Administrator

Fortinet FCP_FAZ_AD-7.4 FCP - FortiAnalyzer 7.4 Administrator Exam Practice Test

Demo: 54 questions
Total 183 questions
Get FCP_FAZ_AD-7.4 Full Access Download FCP_FAZ_AD-7.4 PDF

FCP - FortiAnalyzer 7.4 Administrator Questions and Answers

Question 1

Which two parameters impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)

Options:

A.

Total quota

B.

License type

C.

RAID level

D.

Disk size

Question 2

On FortiAnalyzer, what is a wildcard administrator account?

Options:

A.

An account that permits access to members of an LDAP group

B.

An account that allows guest access with read-only privileges

C.

An account that requires two-factor authentication

D.

An account that validates against any user account on a FortiAuthenticator

Question 3

What statements are true regarding disk log quota? (Choose two)

Options:

A.

The FortiAnalyzer stops logging once the disk log quota is met.

B.

The FortiAnalyzer automatically sets the disk log quota based on the device.

C.

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

D.

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Question 4

NO: 5

Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from

another FortiAnalyzer device?

Options:

A.

Log upload

B.

Indicators of Compromise

C.

Log forwarding an aggregation mode

D.

Log fetching

Question 5

Which process is responsible for enforcing the log file size?

Options:

A.

oftpd

B.

miglogd

C.

sqlplugind

D.

logfiled

Question 6

In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)

Options:

A.

Remote logging must be enabled on FortiGate

B.

Log encryption must be enabled

C.

ADOMs must be enabled

D.

FortiGate must be registered with FortiAnalyzer

Question 7

FortiAnalyzer centralizes which functions? (Choose three)

Options:

A.

Network analysis

B.

Graphical reporting

C.

Content archiving / data mining

D.

Vulnerability assessment

E.

Security log analysis / forensics

Question 8

Which statement is true about ADOMs?

Options:

A.

A fabric ADOM can include all the device types supported by FortiAnalyzer.

B.

When a FortiAnalyzer Fabric is implemented the default ADOM mode is set to advanced.

C.

In normal mode, you cannot change the disk quota of the ADOM after its creation.

D.

You can change the ADOM mode only through the GUI.

Question 9

Refer to the exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.

Which filter will achieve the desired result?

Options:

A.

operation-login & dstip==10.1.1.210 & user!-admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

D.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

Question 10

Refer to the exhibit.

What does the data point at 12:20 indicate?

Options:

A.

The performance of FortiAnalyzer is below the baseline.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The log insert lag time is increasing.

D.

The sqlplugind service is caught up with new logs.

Question 11

Which daemon is responsible for enforcing raw log file size?

Options:

A.

logfiled

B.

oftpd

C.

sqlplugind

D.

miglogd

Question 12

Which three RAID configurations provide fault tolerance on FortiAnalyzer? (Choose three.)

Options:

A.

RAIDO

B.

RAID 5

C.

RAID1

D.

RAID 6+0

E.

RAID 0+0

Question 13

What is the purpose of the FortiAnalyzer command execute format disk?

Options:

A.

To reset all settings from flash except the current IP addresses and routes.

B.

To erase all device settings and images, databases, and log data from the disk, but preserve the IP and routing info.

C.

To perform a low-level format of the disk overwriting the hard disk with random data.

D.

To reset to factory default settings from flash.

Question 14

You need to upgrade your FortiAnalyzer firmware.

What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is

temporarily unavailable?

Options:

A.

FortiAnalyzer uses log fetching to retrieve the logs when back online

B.

FortiGate uses the miglogd process to cache the logs

C.

The logfiled process stores logs in offline mode

D.

Logs are dropped

Question 15

An administrator has configured the following settings:

config system fortiview settings

set resolve-ip enable

end

What is the significance of executing this command?

Options:

A.

Use this command only if the source IP addresses are not resolved on FortiGate.

B.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

C.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

D.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Question 16

Refer to the exhibit.

Which statement is correct regarding the event displayed?

Options:

A.

The security risk was blocked or dropped.

B.

The security event risk is considered open.

C.

An incident was created from this event.

D.

The risk source is isolated.

Question 17

How are logs forwarded when FortiAnalyzer is using aggregation mode?

Options:

A.

Logs are forwarded as they are received and content files are uploaded at a scheduled time.

B.

Logs and content files are stored and uploaded at a scheduled time.

C.

Logs are forwarded as they are received.

D.

Logs and content files are forwarded as they are received.

Question 18

What are the operating modes of FortiAnalyzer? (Choose two)

Options:

A.

Standalone

B.

Manager

C.

Analyzer

D.

Collector

Question 19

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?

Options:

A.

To properly correlate logs

B.

To use real-time forwarding

C.

To resolve host names

D.

To improve DNS response times

Question 20

Which statement correctly describes RAID 10 (1+0) on FortiAnalyzer?

Options:

A.

A configuration with four disks, each with 2 TB of capacity, provides a total space of 4 TB.B It combines mirroring striping and distributed parity to provide performance and fault tolerance

B.

A configuration with four disks, each with 2 TB of capacity, provides a total space of 2 TB.

C.

It uses striping to provide performance and fault tolerance.

Question 21

Which two statements are true about FortiAnalyzer log forwarding modes? (Choose two.)

Options:

A.

Both modes, forwarding and aggregation send logs as soon as they are received.

B.

Aggregation mode requires two FortiAnalyzer devices.

C.

Forwarding mode forwards logs to other FortiAnalyzer devices syslog servers, or CEF servers.

D.

Forwarding mode requires configuration on the server side.

Question 22

A play book contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed. What will be the status of the playbook after its execution?

Options:

A.

Success

B.

Failed

C.

Running

D.

Upstream_failed

Question 23

Refer to the exhibit.

The capture displayed was taken on a FortiAnalyzer.

Why is a single IP address shown as the source for all logs received?

Options:

A.

FortiAnalyzer is using the device MAC addresses to differentiate their logs.

B.

The logs belong to devices that are part of a high availability (HA) cluster.

C.

FortiAnalyzer is receiving logs from the root FortiGate of a Security Fabric.

D.

The device sending logs has two VDOMs in the same ADOM.

Question 24

How can you attach a report to an incident?

Options:

A.

By attaching it to an event handler alert

B.

By editing the settings of the desired report

C.

From the properties of an existing incident

D.

Saving it in JSON format, and then importing it

Question 25

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally?

(Choose two.)

Options:

A.

Mail server

B.

Output profile

C.

SFTP server

D.

Report scheduling

Question 26

Which two statements are true regarding fabric connectors? (Choose two.)

Options:

A.

Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more efficient than third-party information from the FortiAnalyzer API.

B.

Fabric connectors allow to save storage costs and improve redundancy.

C.

Storage connector service does not require a separate license to send logs to cloud platform.

D.

Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3, Azure Blob , and Google Cloud.

Question 27

What can you do on FortiAnalyzer to restrict administrative access from specific locations?

Options:

A.

Configure trusted hosts for that administrator.

B.

Enable geo-location services on accessible interface.

C.

Configure two-factor authentication with a remote RADIUS server.

D.

Configure an ADOM for respective location.

Question 28

What are offline logs on FortiAnalyzer?

Options:

A.

Compressed logs, also known as archive logs

B.

Logs that are indexed and stored in the SQL database

C.

Any logs collected from offline devices after they boot up

D.

Real-time logs that are not yet indexed

Question 29

Which statement is true when you are upgrading the firmware on an HA cluster made up of two FortiAnalyzer devices?

Options:

A.

First, upgrade the secondary device, and then upgrade the primary device.

B.

Both FortiAnalyzer devices will be upgraded at the same time.

C.

You can enable uninterruptible-upgrade so that the normal FortiAnalyzer operations are not interrupted while the cluster firmware upgrades.

D.

You can perform the firmware upgrade using only a console connection.

Question 30

Refer to the exhibit.

The exhibit shows the creation of a new administrator on FortiAnalyzer. The new account uses the credentials stored on an LDAP server.

Why would an administrator configure a password for this account?

Options:

A.

This password is used if the authentication server becomes unreachable.

B.

This password authenticates FortiAnalyzer aqainst the LDAP server.

C.

This password is set to comply with FortiAnalvzer password policy

D.

This password is required because this is a restricted user.

Question 31

FortiAnalyzer uses the Optimized Fabric Transfer Protocok (OFTP) over SSL for what purpose?

Options:

A.

To upload logs to an SFTP server

B.

To prevent log modification during backup

C.

To send an identical set of logs to a second logging server

D.

To encrypt log communication between devices

Question 32

NO: 14

View the exhibit.

Why is the total quota less than the total system storage?

Options:

A.

3.6% of the system storage is already being used.

B.

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

C.

The oftpd process has not archived the logs yet

D.

The logfiled process is just estimating the total quota

Question 33

What are offline logs on FortiAnalyzer?

Options:

A.

Compressed logs, which are also known as archive logs, are considered to be offline logs.

B.

When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

C.

Logs that are indexed and stored in the SQL database.

D.

Logs that are collected from offline devices after they boot up.

Question 34

Which two statements regarding the log synchronization states for HA on FortiAnalyzer are true? (Choose two.)

Options:

A.

With Initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.

B.

By default, Log Data Sync is disabled on all backup devices.

C.

When Log Data Sync is turned on, the backup device reboots and then rebuilds the log database with the synchronized logs.

D.

Log Data Sync provides real-time log synchronization to all backup devices.

Question 35

Which log will generate an event with the status Contained?

Options:

A.

An IPS log with action=pass.

B.

A WebFilter log with action=dropped.

C.

An AV log with action=quarantine.

D.

An AppControl log with action=blocked.

Question 36

How can you configure FortiAnalyzer to permit administrator logins from only specific locations?

Options:

A.

Use static routes

B.

Use administrative profiles

C.

Use trusted hosts

D.

Use secure protocols

Question 37

What is the purpose of using prefilters when configuring event handlers?

Options:

A.

They limit which logs are checked for matches by the other filters.

B.

They can filter the logs before they are processed by FortiAnalyzer

C.

They download new filters to be used in event handlers.

D.

They are common filters applied simultaneously to all event handlers.

Question 38

You crested a playbook on FortiAnalyzer that uses a FortiOS connector

When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?

Options:

A.

FortiAnalyzer Event Handler

B.

Incoming webhook

C.

FortiOS Event Log

D.

Fabric Connector event

Question 39

In a Fortinet Security Fabric, what can make an upstream FortiGate create traffic logs associated with sessions initiated on downstream FortiGate devices?

Options:

A.

The traffic destination is another FortiGate in the fabric.

B.

The upstream FortiGate is configured to do NAT

C.

Log redundancy is configured in the fabric.

D.

The downstream device cannot connect to FortiAnalyzer.

Question 40

Refer to the exhibit.

Based on the output, what can you conclude about the FortiAnalyzer logging status?

Options:

A.

The connection between FortiGate and FortiAnalyzer is overloaded.

B.

FortiGate has logs to send, but FortiAnalyzer is unavailable.

C.

FortiGate is configured to send logs in batches.

D.

FortiGate is sending logs again after it performed a reboot.

Question 41

An administrator has configured the following settings:

What is the purpose of executing these commands?

Options:

A.

To record the hash value and authentication code of log files.

B.

To encrypt log transfer between FortiAnalyzer and other devices.

C.

To create the secure channel used by the OFTP process.

D.

To verify the integrity of the log files received.

Question 42

If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the

FortiAnalyzer back to functioning normally, without losing data?

Options:

A.

Hot swap the disk

B.

Replace the disk and rebuild the RAID manually

C.

Take no action if the RAID level supports a failed disk

D.

Shut down FortiAnalyzer and replace the disk

Question 43

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

Options:

A.

FROM

B.

LIMIT

C.

WHERE

D.

ORDER BY

Question 44

View the exhibit:

What does the 1000MB maximum for disk utilization refer to?

Options:

A.

The disk quota for the FortiAnalyzer model

B.

The disk quota for all devices in the ADOM

C.

The disk quota for each device in the ADOM

D.

The disk quota for the ADOM type

Question 45

After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the

purpose of running the following CLI command?

execute sql-local rebuild-adom

Options:

A.

To reset the disk quota enforcement to default

B.

To remove the analytics logs of the device from the old database

C.

To migrate the archive logs to the new ADOM

D.

To populate the new ADOM with analytical logs for the moved device, so you can run reports

Question 46

When you perform a system backup, what does the backup configuration contain? (Choose two.)

Options:

A.

Generated reports

B.

Device list

C.

Authorized devices logs

D.

System information

Question 47

What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?

Options:

A.

Log correlation

B.

Host name resolution

C.

Log collection

D.

Real-time forwarding

Question 48

The connection status of a new device on FortiAnalyzer is listed as Unauthorized.

What does that status mean?

Options:

A.

It is a device whose registration has not yet been accepted in FortiAnalvzer.

B.

It is a device that has not yet been assigned an ADOM.

C.

It is a device that is waiting for you to configure a pre-shared key.

D.

It is a device that FortiAnalvzer does not support.

Question 49

What are two advantages of setting up fabric ADOM? (Choose two.)

Options:

A.

It can be used for fast data processing and log correlation

B.

It can be used to facilitate communication between devices in same Security Fabric

C.

It can include all Fortinet devices that are part of the same Security Fabric

D.

It can include only FortiGate devices that are part of the same Security Fabric

Question 50

Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose

two.)

Options:

A.

License type

B.

Disk size

C.

Total quota

D.

RAID level

Question 51

If you upgrade your FortiAnalyzer firmware, what report elements can be affected?

Options:

A.

Output profiles

B.

Report settings

C.

Report scheduling

D.

Custom datasets

Question 52

For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered

devices should:

Options:

A.

Use DNS

B.

Use host name resolution

C.

Use real-time forwarding

D.

Use an NTP server

Question 53

What purposes does the auto-cache setting on reports serve? (Choose two.)

Options:

A.

To reduce report generation time

B.

To automatically update the hcache when new logs arrive

C.

To reduce the log insert lag rate

D.

To provide diagnostics on report generation time

Question 54

Refer to the exhibits.

How many events will be added to the incident created after running this playbook?

Options:

A.

Ten events will be added.

B.

No events will be added.

C.

Five events will be added.

D.

Thirteen events will be added.

Load More FCP_FAZ_AD-7.4 Questions
Demo: 54 questions
Total 183 questions
Get FCP_FAZ_AD-7.4 Full Access Download FCP_FAZ_AD-7.4 PDF