Fortinet FCP_FAZ_AD-7.4 FCP - FortiAnalyzer 7.4 Administrator Exam Practice Test

FortiAnalyzer overwrites the log files.

FortiAnalyzer stops logging.

FortiAnalyzer rolls the active log by renaming the file.

FortiAnalyzer forwards logs to syslog.

You can perform the firmware upgrade using only a console connection.

All FortiAnalyzer devices will be upgraded at the same time.

Enabling uninterruptible-upgrade prevents normal operations from being interrupted during the upgrade.

First, upgrade the secondary devices, and then upgrade the primary device.

You can only change ADOM modes through CLI.

In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advance mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.

In an advanced mode ADOM. you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

Normal mode is the default ADOM mode.

ADOMs are enabled by default.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

All administrators can create ADOMs--not just the admin administrator.

The number of times in the logs where end users experienced slowness while accessing resources.

The amount of lag time that occurs when the administrator is rebuilding the ADOM database.

The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.

The amount of time FortiAnalyzer takes to receive logs from a registered device

sqlplugind

logfiled

miglogd

ofrpd

RAIDO

RAID 5

RAID1

RAID 6+0

RAID 0+0

The disk quota for the FortiAnalyzer model

The disk quota for all devices in the ADOM

The disk quota for each device in the ADOM

The disk quota for the ADOM type

Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto-negotiated.

Must establish an IPsec tunnel ID and pre-shared key.

IPsec cannot be enabled if SSL is enabled as well.

IPsec is only enabled through the CLI on FortiAnalyzer.

Ten events will be added.

No events will be added.

Five events will be added.

Thirteen events will be added.

FortiGate was added to the wrong ADOM type.

This FortiGate model is not fully supported.

FortiGate does not have logging configured correctly.

This FortiGate is part of an HA cluster but it is the secondary device.

There is no need to do anything because the disk will self-recover.

Run execute format disk to format and restart the FortiAnalyzer device.

Perform a hot swap of the disk.

Shut down FortiAnalyzer and replace the disk.

Incidents dashboards

Threat hunting

FortiView Monitor

Outbreak alert services

The fetch client can retrieve logs from devices that are not added to its local Device Manager

You can use filters to include only logs from a single device.

The fetching profile must include a user with the Super_User profile.

The archive logs retrieved from the server become archive logs in the client.

oftpd

logfiled

miglogd

sqlplugind

One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.

The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.

The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.

The hard driveiIs no longer being used by the RAID controller

To reduce report generation time

To automatically update the hcache when new logs arrive

To reduce the log insert lag rate

To provide diagnostics on report generation time

Notifications can be sent only when an incident is created or deleted.

You must configure an output profile to send notifications by email.

Each incident can send notifications to a single external platform.

Each connector used can have different notification settings.

Log type Traffic logs.

Logs that roll over when the log file reaches a specific size.

Logs that are indexed and stored in the SQL.

Raw logs that are compressed and saved to a log file.

Forwarded logs cannot be filtered to match specific criteria.

Logs are forwarded in real-time only.

The client retains a local copy of the logs after forwarding.

You can use aggregation mode only with another FortiAnalyzer.

ADOM mode is configured with Advanced mode.

A trusted host is configured.

fortinet is assigned the default Standard_User administrative profile.

fortinet is assigned the default Restricted_User administrative profile.

Output profile

Report scheduling

SFTP server

SNMP server

FortiAnalyzer uses log fetching to retrieve the logs when back online

FortiGate uses the miglogd process to cache the logs

The logfiled process stores logs in offline mode

Logs are dropped

Mail server

Output profile

SFTP server

Report scheduling

FortiAnalyzerl and FortiAnalyzer3

FortiAnalyzer1 and FortiAnalyzer2

All devices listed can be members

FortiAnalyzer2 and FortiAnalyzer3

They determine what data is retrieved from the database.

They provide the layout used for reports.

They are used to set the data included in templates.

They define the chart types to be used in reports.

Configure trusted hosts for that administrator.

Enable geo-location services on accessible interface.

Configure two-factor authentication with a remote RADIUS server.

Configure an ADOM for respective location.

Logs must be purged or migrated before you can delete an ADOM.

ADOMs with registered devices cannot be deleted.

Default ADOMs cannot be deleted.

The status of the ADOMs must be unlocked.

Compressed logs, which are also known as archive logs, are considered to be offline logs.

When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

Logs that are indexed and stored in the SQL database.

Logs that are collected from offline devices after they boot up.

RADIUS

Local

LDAP

PKI

TACACS+

Network analysis

Graphical reporting

Content archiving / data mining

Vulnerability assessment

Security log analysis / forensics

FortiAnalyzer1 and FortiAnalyzer3

All devices listed can be members.

FortiAnalyzer1 and FortiAnalyzer2

FortiAnalyzer2 and FortiAnalyzer3

To encrypt log communications and data

To prevent log modification or tampering

To send an identical set of logs to a second logging server

To protect log data from man-in-the-middle attacks

The total disk space is insufficient and you need to add other disk.

CPU resources are too high.

The ADOM disk quota is set too low based on log rates.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

It is a device whose registration has not yet been accepted in FortiAnalvzer.

It is a device that has not yet been assigned an ADOM.

It is a device that is waiting for you to configure a pre-shared key.

It is a device that FortiAnalvzer does not support.

Logs are forwarded as they are received and content files are uploaded at a scheduled time.

Logs and content files are stored and uploaded at a scheduled time.

Logs are forwarded as they are received.

Logs and content files are forwarded as they are received.

FortiView

Event Management

Device Manger

Reporting

SSL is the default setting.

SSL communications are auto-negotiated between the two devices.

SSL can send logs in real-time only.

SSL encryption levels are globally set on FortiAnalyzer.

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Use the execute sql-local rebuild-db command to rebuild all ADOM databases.

Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.

Use the execute sql-report run ADOM1 command to run a report.

Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

This FortiAnalyzer will join to the existing HA cluster as the primary.

This FortiAnalyzer is configured to receive logs in its port1.

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

After joining to the cluster, this FortiAnalyzer will keep an updated log database.

The performance of FortiAnalyzer is below the baseline.

FortiAnalyzer is using its cache to avoid dropping logs.

The log insert lag time is increasing.

The sqlplugind service is caught up with new logs.

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

logfiled

miglogd

sqlplugind

oftpd

3.6% of the system storage is already being used.

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

The oftpd process has not archived the logs yet

The logfiled process is just estimating the total quota

Use this command only if the source IP addresses are not resolved on FortiGate.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

FROM

LIMIT

WHERE

ORDER BY

It provides network statistics for active connections, including the protocols, IP addresses, and connection states.

It provides the complete routing table, including directly connected routes.

It provides the static DNS table, including the host names and their expiration timers.

It provides NTP server information, including server IPs. stratum, poll time, and latency.

Option A

Option B

Option C

Option D

Improve report completion time.

Conserve disk space on FortiAnalyzer by grouping multiple similar reports.

Reduce the number of hcache tables and improve auto-hcache completion time.

Provides a better summary of reports.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

This feature allows you to build a chart under FortiView.

You can add charts to generated reports using this feature.

Both modes, forwarding and aggregation, support encryption of logs between devices.

In aggregation mode, you can forward logs to syslog and CEF servers.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

SELECT devid FROM Slog GROOP BY devid WHERE * user' =* USERl'

SELECT devid WHERE 'u3er'='USERl' FROM $ log GROUP BY devid

SELECT devid FROM Slog- WHERE *user' =' USERl' GROUP BY devid

FROM Slog WHERE 'user* =' USERl' SELECT devid GROUP BY devid

A FortiGate ADOM

The FortiGate serial number

A pre-shared key

Valid FortiAnalyzer credentials

Standalone

Manager

Analyzer

Collector