New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Fortinet FCP_FAZ_AD-7.4 FCP - FortiAnalyzer 7.4 Administrator Exam Practice Test

FCP - FortiAnalyzer 7.4 Administrator Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?

Options:

A.

Log correlation

B.

Host name resolution

C.

Log collection

D.

Real-time forwarding

Question 2

Refer to the exhibit.

The exhibit shows the creation of a new administrator on FortiAnalyzer.

What are two effects of enabling the choice Match all users on remote server when configuring a new administrator? (Choose two.)

Options:

A.

It allows user accounts in the LDAP server to use two-factor authentication.

B.

It creates a wildcard administrator using an LDAP server.

C.

User Remote-Admin from the LDAP server will be able to log in to FortiAnalyzer at any time.

D.

Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP server.

Question 3

What statements are true regarding disk log quota? (Choose two)

Options:

A.

The FortiAnalyzer stops logging once the disk log quota is met.

B.

The FortiAnalyzer automatically sets the disk log quota based on the device.

C.

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

D.

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Question 4

Which statement about the FortiSOAR management extension is correct?

Options:

A.

It requires a FortiManager configured to manage FortiGate

B.

It requires a dedicated FortiSOAR device or VM.

C.

It does not include a limited trial by default.

D.

It runs as a docker container on FortiAnalyzer

Question 5

Which daemon is responsible for enforcing raw log file size?

Options:

A.

logfiled

B.

oftpd

C.

sqlplugind

D.

miglogd

Question 6

An administrator has configured the following settings:

What is the purpose of executing these commands?

Options:

A.

To record the hash value and authentication code of log files.

B.

To encrypt log transfer between FortiAnalyzer and other devices.

C.

To create the secure channel used by the OFTP process.

D.

To verify the integrity of the log files received.

Question 7

Refer to the exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.

Which filter will achieve the desired result?

Options:

A.

operation-login & dstip==10.1.1.210 & user!-admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

D.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

Question 8

You need to upgrade your FortiAnalyzer firmware.

What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is

temporarily unavailable?

Options:

A.

FortiAnalyzer uses log fetching to retrieve the logs when back online

B.

FortiGate uses the miglogd process to cache the logs

C.

The logfiled process stores logs in offline mode

D.

Logs are dropped

Question 9

View the exhibit.

Why is the total quota less than the total system storage?

Options:

A.

3.6% of the system storage is already being used.

B.

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

C.

The oftpd process has not archived the logs yet

D.

The logfiled process is just estimating the total quota

Question 10

Refer to the exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

Options:

A.

FortiAnalyzer1 and FortiAnalyzer3

B.

All devices listed can be members.

C.

FortiAnalyzer1 and FortiAnalyzer2

D.

FortiAnalyzer2 and FortiAnalyzer3

Question 11

Which two statements are true regarding the outbreak detection service? (Choose two.)

Options:

A.

New alerts are received by email.

B.

Outbreak alerts are available on the root ADOM only.

C.

An additional license is required.

D.

It automatically downloads new event handlers and reports.

Question 12

In a Fortinet Security Fabric, what can make an upstream FortiGate create traffic logs associated with sessions initiated on downstream FortiGate devices?

Options:

A.

The traffic destination is another FortiGate in the fabric.

B.

The upstream FortiGate is configured to do NAT

C.

Log redundancy is configured in the fabric.

D.

The downstream device cannot connect to FortiAnalyzer.

Question 13

Refer to the exhibit.

Which image corresponds to the packet capture shown in the exhibit?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 14

Consider the CLI command:

What is the purpose of the command?

Options:

A.

To add a unique tag to each log to prove that it came from this FortiAnalyzer

B.

To add the MD5 hash value and authentication code

C.

To add a log file checksum

D.

To encrypt log communications

Question 15

On FortiAnalyzer, what is a wildcard administrator account?

Options:

A.

An account that permits access to members of an LDAP group

B.

An account that allows guest access with read-only privileges

C.

An account that requires two-factor authentication

D.

An account that validates against any user account on a FortiAuthenticator

Question 16

What are two of the key features of FortiAnalyzer? (Choose two.)

Options:

A.

Centralized log repository

B.

Cloud-based management

C.

Reports

D.

Virtual domains (VDOMs)

Question 17

In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.

How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?

Options:

A.

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

B.

Configure # set resolve-ip enable in the system FortiView settings

C.

Configure local DNS servers on FortiAnalyzer

D.

Resolve IP addresses on FortiGate

Question 18

By default, what happens when a log file reaches its maximum file size?

Options:

A.

FortiAnalyzer overwrites the log files.

B.

FortiAnalyzer stops logging.

C.

FortiAnalyzer rolls the active log by renaming the file.

D.

FortiAnalyzer forwards logs to syslog.

Question 19

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)

Options:

A.

Logs from registered devices

B.

Database snapshot

C.

Report information

D.

System information

Question 20

Which two purposes does the auto cache setting on reports serve? (Choose two.)

Options:

A.

It automatically updates the hcache when new logs arrive.

B.

It provides diagnostics on report generation time.

C.

It reduces the log insert lag rate.

D.

It reduces report generation time.

Question 21

Refer to the exhibit.

The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.

Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)

Options:

A.

It creates a wildcard administrator using LDAP and RADIUS servers.

B.

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

C.

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

D.

It allows administrators to use two-factor authentication.

Question 22

You are trying to initiate an authorization request from FortiGate to FortiAnalyzer, but the Security Fabric window does not open when you click Authorize.

Which two reasons can cause this to happen? (Choose two.)

Options:

A.

A pre-shared key needs to be established on both sides.

B.

The management computer does not have connectivity to the authorization IP address and port combination.

C.

The Security Fabric root is unauthorized and needs to be added as a trusted host.

D.

The fabric authorization settings on FortiAnalyzer are misconfigured.

Question 23

Which two methods can you use to send event notifications when an event occurs that matches a configured

event handler? (Choose two.)

Options:

A.

SMS

B.

Email

C.

SNMP

D.

IM

Question 24

View the exhibit.

What does the data point at 14:35 tell you?

Options:

A.

FortiAnalyzer is dropping logs.

B.

FortiAnalyzer is indexing logs faster than logs are being received.

C.

FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.

D.

The sqlplugind daemon is ahead in indexing by one log.

Question 25

On the RAID management page, the disk status is listed as Initializing.

What does the status Initializing indicate about what the FortiAnalyzer is currently doing?

Options:

A.

FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

B.

FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

C.

FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

D.

FortiAnalyzer is functioning normally

Question 26

Which two statements about deleting ADOMs are true? (Choose two.)

Options:

A.

Logs must be purged or migrated before you can delete an ADOM.

B.

ADOMs with registered devices cannot be deleted.

C.

Default ADOMs cannot be deleted.

D.

The status of the ADOMs must be unlocked.

Question 27

What statements are true regarding FortiAnalyzer 's treatment of high availability (HA) dusters? (Choose two)

Options:

A.

FortiAnalyzer distinguishes different devices by their serial number.

B.

FortiAnalyzer receives logs from d devices in a duster.

C.

FortiAnalyzer receives bgs only from the primary device in the cluster.

D.

FortiAnalyzer only needs to know (he serial number of the primary device in the cluster-it automaticaly discovers the other devices.

Question 28

For which two purposes would you use the command set log checksum? (Choose two.)

Options:

A.

To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server

B.

To prevent log modification or tampering

C.

To encrypt log communications

D.

To send an identical set of logs to a second logging server

Question 29

The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device.

What can be the reason for this failure?

Options:

A.

FortiAnalyzer is in an HA cluster.

B.

ADOM mode should be set to advanced, in order to register the FortiClient EMS device.

C.

ADOMs are not enabled on FortiAnalyzer.

D.

A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.

Question 30

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)

Options:

A.

When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.

B.

Collector mode is the default operating mode.

C.

When in collector mode. FortiAnalyzer supports event management and reporting features.

D.

By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting

Question 31

Refer to the exhibit.

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

Options:

A.

Report size will be optimized to conserve disk space on FortiAnalyzer.

B.

Reports will be cached in the memory.

C.

This feature is automatically enabled for scheduled reports.

D.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Question 32

After generating a report, you notice the information you were expecting to see is not included in it. What are two possible reasons for this scenario? (Choose two.)

Options:

A.

You enabled auto-cache with extended log filtering.

B.

The logfiled service has not indexed all the expected logs.

C.

The logs were overwritten by the data retention policy.

D.

The time frame selected in the report is wrong.

Question 33

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

Options:

A.

A local wildcard administrator account

B.

A remote LDAP server

C.

A trusted host profile that restricts access to the LDAP group

D.

An administrator group

Question 34

FortiAnalyzer uses the Optimized Fabric Transfer Protocok (OFTP) over SSL for what purpose?

Options:

A.

To upload logs to an SFTP server

B.

To prevent log modification during backup

C.

To send an identical set of logs to a second logging server

D.

To encrypt log communication between devices

Question 35

What is the purpose of a predefined template on the FortiAnalyzer?

Options:

A.

It can be edited and modified as required

B.

It specifies the report layout which contains predefined texts, charts, and macros

C.

It specifies report settings which contains time period, device selection, and schedule

D.

It contains predefined data to generate mock reports

Question 36

When working with FortiAnalyzer reports, what is the purpose of a dataset?

Options:

A.

To provide the layout used for reports

B.

To define the chart type to be used

C.

To retrieve data from the database

D.

To set the data included in templates

Question 37

What can you do on FortiAnalyzer to restrict administrative access from specific locations?

Options:

A.

Configure trusted hosts for that administrator.

B.

Enable geo-location services on accessible interface.

C.

Configure two-factor authentication with a remote RADIUS server.

D.

Configure an ADOM for respective location.

Question 38

Which two statements about log forwarding are true? (Choose two.)

Options:

A.

Forwarded logs cannot be filtered to match specific criteria.

B.

Logs are forwarded in real-time only.

C.

The client retains a local copy of the logs after forwarding.

D.

You can use aggregation mode only with another FortiAnalyzer.

Question 39

Refer to the exhibit.

Which statement is correct regarding the event displayed?

Options:

A.

The security risk was blocked or dropped.

B.

The security event risk is considered open.

C.

An incident was created from this event.

D.

The risk source is isolated.

Question 40

What is the recommended method of expanding disk space on a FortiAnalyzer VM?

Options:

A.

From the VM host manager, add an additional virtual disk and use the #execute lvm extend command to expand the storage

B.

From the VM host manager, expand the size of the existing virtual disk

C.

From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk

D.

From the VM host manager, add an additional virtual disk and rebuild your RAID array

Question 41

Refer to the exhibit.

What does the data point at 12:20 indicate?

Options:

A.

The performance of FortiAnalyzer is below the baseline.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The log insert lag time is increasing.

D.

The sqlplugind service is caught up with new logs.

Question 42

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally?

(Choose two.)

Options:

A.

Mail server

B.

Output profile

C.

SFTP server

D.

Report scheduling

Question 43

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)

Options:

A.

SSL is the default setting.

B.

SSL communications are auto-negotiated between the two devices.

C.

SSL can send logs in real-time only.

D.

SSL encryption levels are globally set on FortiAnalyzer.

E.

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Question 44

What are the operating modes of FortiAnalyzer? (Choose two)

Options:

A.

Standalone

B.

Manager

C.

Analyzer

D.

Collector

Question 45

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

Options:

A.

Antivirus logs

B.

Web filter logs

C.

IPS logs

D.

Application control logs

Question 46

What can the CLI command # diagnose test application oftpd 3 help you to determine?

Options:

A.

What devices and IP addresses are connecting to FortiAnalyzer

B.

What logs, if any, are reaching FortiAnalyzer

C.

What ADOMs are enabled and configured

D.

What devices are registered and unregistered

Question 47

You’ve moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?

Options:

A.

FortiAnalyzer resets the disk quota of the new ADOM to default.

B.

FortiAnalyzer migrates archive logs to the new ADOM.

C.

FortiAnalyzer migrates analytics logs to the new ADOM.

D.

FortiAnalyzer removes logs from the old ADOM.

Question 48

An administrator has configured the following settings:

config system global

set log-checksum md5-auth

end

What is the significance of executing this command?

Options:

A.

This command records the log file MD5 hash value.

B.

This command records passwords in log files and encrypts them.

C.

This command encrypts log transfer between FortiAnalyzer and other devices.

D.

This command records the log file MD5 hash value and authentication code.

Question 49

An administrator, fortinet, can view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mail server that can be used to send alert emails.

What can be the problem?

Options:

A.

ADOM mode is configured with Advanced mode.

B.

A trusted host is configured.

C.

fortinet is assigned the default Standard_User administrative profile.

D.

fortinet is assigned the default Restricted_User administrative profile.

Question 50

What must you consider when using log fetching? (Choose two.)

Options:

A.

The fetch client can retrieve logs from devices that are not added to its local Device Manager

B.

You can use filters to include only logs from a single device.

C.

The fetching profile must include a user with the Super_User profile.

D.

The archive logs retrieved from the server become archive logs in the client.

Question 51

Refer to the exhibits.

How many events will be added to the incident created after running this playbook?

Options:

A.

Ten events will be added.

B.

No events will be added.

C.

Five events will be added.

D.

Thirteen events will be added.