Fortinet FCP_FAZ_AD-7.4 FCP - FortiAnalyzer 7.4 Administrator Exam Practice Test

Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto-negotiated.

Must establish an IPsec tunnel ID and pre-shared key.

IPsec cannot be enabled if SSL is enabled as well.

IPsec is only enabled through the CLI on FortiAnalyzer.

To add a new chart under FortiView to be used in new reports

To build a dataset and chart automatically, based on the filtered search results

To add charts directly to generate reports in the current ADOM

To build a chart automatically based on the top 100 log entries

Logs that reached a specific size and were rolled over

Logs that can be used to create reports

Logs that can be viewed using Log Browse

Logs that are saved to disk, compressed, and available in FortiView

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

Use the execute sql-report run ADOM1 command to run a report.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

To reduce report generation time

To automatically update the hcache when new logs arrive

To reduce the log insert lag rate

To provide diagnostics on report generation time

Remote logging must be enabled on FortiGate

Log encryption must be enabled

ADOMs must be enabled

FortiGate must be registered with FortiAnalyzer

When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.

Collector mode is the default operating mode.

When in collector mode. FortiAnalyzer supports event management and reporting features.

By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting

Forwarded logs cannot be filtered to match specific criteria.

Logs are forwarded in real-time only.

The client retains a local copy of the logs after forwarding.

You can use aggregation mode only with another FortiAnalyzer.

Mail server

Output profile

SFTP server

Report scheduling

Configure local DNS servers on FortiAnalyzer

Resolve IPs on FortiGate

Configure # set resolve-ip enable in the system FortiView settings

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

There is no need to do anything because the disk will self-recover.

Run execute format disk to format and restart the FortiAnalyzer device.

Perform a hot swap of the disk.

Shut down FortiAnalyzer and replace the disk.

This password is used if the authentication server becomes unreachable.

This password authenticates FortiAnalyzer aqainst the LDAP server.

This password is set to comply with FortiAnalvzer password policy

This password is required because this is a restricted user.

New alerts are received by email.

Outbreak alerts are available on the root ADOM only.

An additional license is required.

It automatically downloads new event handlers and reports.

Export to Report Chart

Export to PDF

Export to Chart Builder

Export to Custom Chart

Used storage

Retention policy

Reserved space

Total system storage

FortiAnalyzer needs that time to parse the new playbook.

FortiAnalyzer needs that time to back up the current playbooks.

FortiAnalyzer needs that time to ensure there are no other playbooks running.

FortiAnalyzer needs that time to debug the new playbook.

They determine what data is retrieved from the database.

They provide the layout used for reports.

They are used to set the data included in templates.

They define the chart types to be used in reports.

Compressed logs, also known as archive logs

Logs that are indexed and stored in the SQL database

Any logs collected from offline devices after they boot up

Real-time logs that are not yet indexed

Success

Failed

Running

Upstream_failed

FortiAnalyzer resets the disk quota of the new ADOM to default.

FortiAnalyzer migrates archive logs to the new ADOM.

FortiAnalyzer migrates analytics logs to the new ADOM.

FortiAnalyzer removes logs from the old ADOM.

Virtual domains

Administrative access profiles

Trusted hosts

Security Fabric

It creates a wildcard administrator using LDAP and RADIUS servers.

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

It allows administrators to use two-factor authentication.

Set the ADOM mode to Advanced

Assign the ADOMs to the administrator’s account

Configure trusted hosts

Assign the default Super_User administrator profile

The Fabric supervisor collects logs from the Fabric members.

Logging devices can register to the Fabric supervisor or to Fabric members.

Fabric members support HA.

Administrators can create new incidents from the Fabric supervisor.

sqlplugind

logfiled

miglogd

ofrpd

The received rate is almost at its maximum for this device

The sqlplugind daemon is behind in log indexing by two logs

Logs are being dropped

Raw logs are reaching FortiAnalyzer faster than they can be indexed

Both modes, forwarding and aggregation send logs as soon as they are received.

Aggregation mode requires two FortiAnalyzer devices.

Forwarding mode forwards logs to other FortiAnalyzer devices syslog servers, or CEF servers.

Forwarding mode requires configuration on the server side.

Hot swap the disk

Replace the disk and rebuild the RAID manually

Take no action if the RAID level supports a failed disk

Shut down FortiAnalyzer and replace the disk

FortiAnalyzer Event Handler

Incoming webhook

FortiOS Event Log

Fabric Connector event

Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Configure # set resolve-ip enable in the system FortiView settings

Configure local DNS servers on FortiAnalyzer

Resolve IP addresses on FortiGate

You enabled auto-cache with extended log filtering.

The logfiled service has not indexed all the expected logs.

The logs were overwritten by the data retention policy.

The time frame selected in the report is wrong.

First, upgrade the secondary device, and then upgrade the primary device.

Both FortiAnalyzer devices will be upgraded at the same time.

You can enable uninterruptible-upgrade so that the normal FortiAnalyzer operations are not interrupted while the cluster firmware upgrades.

You can perform the firmware upgrade using only a console connection.

Serial number

Pre-shared key

Fabric Authorization

Request from the device

It can be edited and modified as required

It specifies the report layout which contains predefined texts, charts, and macros

It specifies report settings which contains time period, device selection, and schedule

It contains predefined data to generate mock reports

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

FortiAnalyzer HA active-passive mode can function without VRRP.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode, either analyzer mode or collector mode.

All devices in a FortiAnalyzer HA cluster must have the same available disk space.

When in collector mode, FortiAnalyzer offloads the log receiving task to the analyzer.

When in analyzer mode, FortiAnalyzer supports event management and reporting features.

For the collector, you should allocate most of the disk space to analytics logs.

Analyzer mode is the default operating mode.

To record the hash value and authentication code of log files.

To encrypt log transfer between FortiAnalyzer and other devices.

To create the secure channel used by the OFTP process.

To verify the integrity of the log files received.

ADOM mode is configured with Advanced mode.

A trusted host is configured.

fortinet is assigned the default Standard_User administrative profile.

fortinet is assigned the default Restricted_User administrative profile.

Use this command only if the source IP addresses are not resolved on FortiGate.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

You can only change ADOM modes through CLI.

In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advance mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.

In an advanced mode ADOM. you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

Normal mode is the default ADOM mode.

To reset all settings from flash except the current IP addresses and routes.

To erase all device settings and images, databases, and log data from the disk, but preserve the IP and routing info.

To perform a low-level format of the disk overwriting the hard disk with random data.

To reset to factory default settings from flash.

Generated reports

Device list

Authorized devices logs

System information

SSL is the default setting.

SSL communications are auto-negotiated between the two devices.

SSL can send logs in real-time only.

SSL encryption levels are globally set on FortiAnalyzer.

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

A pre-shared key needs to be established on both sides.

The management computer does not have connectivity to the authorization IP address and port combination.

The Security Fabric root is unauthorized and needs to be added as a trusted host.

The fabric authorization settings on FortiAnalyzer are misconfigured.

To reset the disk quota enforcement to default

To remove the analytics logs of the device from the old database

To migrate the archive logs to the new ADOM

To populate the new ADOM with analytical logs for the moved device, so you can run reports

The traffic destination is another FortiGate in the fabric.

The upstream FortiGate is configured to do NAT

Log redundancy is configured in the fabric.

The downstream device cannot connect to FortiAnalyzer.

logfiled

oftpd

sqlplugind

miglogd

To add a unique tag to each log to prove that it came from this FortiAnalyzer

To add the MD5 hash value and authentication code

To add a log file checksum

To encrypt log communications

The FortiAnalyzer stops logging once the disk log quota is met.

The FortiAnalyzer automatically sets the disk log quota based on the device.

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible.

You can change ADOM modes only through the CLI.

In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

Normal mode is the default ADOM mode.

An account that permits access to members of an LDAP group

An account that allows guest access with read-only privileges

An account that requires two-factor authentication

An account that validates against any user account on a FortiAuthenticator

Use DNS

Use host name resolution

Use real-time forwarding

Use an NTP server

It requires a FortiManager configured to manage FortiGate

It requires a dedicated FortiSOAR device or VM.

It does not include a limited trial by default.

It runs as a docker container on FortiAnalyzer