Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

FCP_FAZ_AD-7.4 FCP - FortiAnalyzer 7.4 Administrator Questions and Answers

Questions 4

Which two statements express the advantages of grouping similar reports? (Choose two.)

Options:

A.

Improve report completion time.

B.

Conserve disk space on FortiAnalyzer by grouping multiple similar reports.

C.

Reduce the number of hcache tables and improve auto-hcache completion time.

D.

Provides a better summary of reports.

Buy Now
Questions 5

Refer to the exhibit.

FCP_FAZ_AD-7.4 Question 5

Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)

Options:

A.

Report size will be optimized to conserve disk space on FortiAnalyzer.

B.

Reports will be cached in the memory.

C.

This feature is automatically enabled for scheduled reports.

D.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Buy Now
Questions 6

Which SQL query is in the correct order to query the database in the FortiAnslyzer?

Options:

A.

SELECT devid FROM Slog GROOP BY devid WHERE * user' =* USERl'

B.

SELECT devid WHERE 'u3er'='USERl' FROM $ log GROUP BY devid

C.

SELECT devid FROM Slog- WHERE *user' =' USERl' GROUP BY devid

D.

FROM Slog WHERE 'user* =' USERl' SELECT devid GROUP BY devid

Buy Now
Questions 7

A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails. What will be the status of the playbook after it is run?

Options:

A.

Running

B.

Failed

C.

Upstream_failed

D.

Success

Buy Now
Questions 8

Refer to the exhibit.

FCP_FAZ_AD-7.4 Question 8

Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1:

Which filter will achieve the desired result?

Options:

A.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & dstip==10.1.1.210 & userl-admin

D.

operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin

Buy Now
Questions 9

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)

Options:

A.

When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.

B.

Collector mode is the default operating mode.

C.

When in collector mode. FortiAnalyzer supports event management and reporting features.

D.

By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting

Buy Now
Questions 10

What are the operating modes of FortiAnalyzer? (Choose two)

Options:

A.

Standalone

B.

Manager

C.

Analyzer

D.

Collector

Buy Now
Questions 11

You need to upgrade your FortiAnalyzer firmware.

What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is

temporarily unavailable?

Options:

A.

FortiAnalyzer uses log fetching to retrieve the logs when back online

B.

FortiGate uses the miglogd process to cache the logs

C.

The logfiled process stores logs in offline mode

D.

Logs are dropped

Buy Now
Questions 12

Which two statements about high availability (HA) on FortiAnalyzer are true? (Choose two.)

Options:

A.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

B.

FortiAnalyzer HA active-passive mode can function without VRRP.

C.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode, either analyzer mode or collector mode.

D.

All devices in a FortiAnalyzer HA cluster must have the same available disk space.

Buy Now
Questions 13

On FortiAnalyzer, what is a wildcard administrator account?

Options:

A.

An account that permits access to members of an LDAP group

B.

An account that allows guest access with read-only privileges

C.

An account that requires two-factor authentication

D.

An account that validates against any user account on a FortiAuthenticator

Buy Now
Questions 14

What are two advantages of setting up fabric ADOM? (Choose two.)

Options:

A.

It can be used for fast data processing and log correlation

B.

It can be used to facilitate communication between devices in same Security Fabric

C.

It can include all Fortinet devices that are part of the same Security Fabric

D.

It can include only FortiGate devices that are part of the same Security Fabric

Buy Now
Questions 15

After generating a report, you notice the information you were expecting to see is not included in it. What are two possible reasons for this scenario? (Choose two.)

Options:

A.

You enabled auto-cache with extended log filtering.

B.

The logfiled service has not indexed all the expected logs.

C.

The logs were overwritten by the data retention policy.

D.

The time frame selected in the report is wrong.

Buy Now
Questions 16

An administrator, fortinet, can view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mail server that can be used to send alert emails.

What can be the problem?

Options:

A.

ADOM mode is configured with Advanced mode.

B.

A trusted host is configured.

C.

fortinet is assigned the default Standard_User administrative profile.

D.

fortinet is assigned the default Restricted_User administrative profile.

Buy Now
Questions 17

A play book contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed. What will be the status of the playbook after its execution?

Options:

A.

Success

B.

Failed

C.

Running

D.

Upstream_failed

Buy Now
Questions 18

Refer to the exhibit.

FCP_FAZ_AD-7.4 Question 18

What is the purpose of configuring FortiAnalyzer with the settings displayed in the image?

Options:

A.

To increase reliability

B.

To expand bandwidth

C.

To maximize resiliency

D.

To improve security

Buy Now
Questions 19

In FortiAnalyzer’s FormView, source and destination IP addresses from FortiGate devices are not resolving to

a hostname. How can you resolve the source and destination IPs, without introducing any additional

performance impact to FortiAnalyzer?

Options:

A.

Configure local DNS servers on FortiAnalyzer

B.

Resolve IPs on FortiGate

C.

Configure # set resolve-ip enable in the system FortiView settings

D.

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Buy Now
Questions 20

An administrator has moved FortiGate A from the root ADOM to ADOM1.

Which two statements are true regarding logs? (Choose two.)

Options:

A.

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

B.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

C.

Logs will be presented in both ADOMs immediately after the move.

D.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Buy Now
Questions 21

Which two statements regarding FortiAnalyzer log forwarding modes are true? (Choose two.)

Options:

A.

Both modes, forwarding and aggregation, support encryption of logs between devices.

B.

In aggregation mode, you can forward logs to syslog and CEF servers.

C.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

D.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

Buy Now
Questions 22

When working with FortiAnalyzer reports, what is the purpose of a dataset?

Options:

A.

To provide the layout used for reports

B.

To define the chart type to be used

C.

To retrieve data from the database

D.

To set the data included in templates

Buy Now
Questions 23

An administrator fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mall server that can be used to send email.

What could be the problem?

Options:

A.

Fortinet is assigned the Standard_ User administrator profile.

B.

A trusted host is configured.

C.

ADOM mode is configured with Advanced mode.

D.

Fortinet is assigned the Restricted_ User administrator profile.

Buy Now
Questions 24

How do you restrict an administrator’s access to a subset of your organization’s ADOMs?

Options:

A.

Set the ADOM mode to Advanced

B.

Assign the ADOMs to the administrator’s account

C.

Configure trusted hosts

D.

Assign the default Super_User administrator profile

Buy Now
Questions 25

Which statements are correct regarding FortiAnalyzer reports? (Choose two)

Options:

A.

FortiAnalyzer provides the ability to create custom reports.

B.

FortiAnalyzer glows you to schedule reports to run.

C.

FortiAnalyzer includes pre-defined reports only.

D.

FortiAnalyzer allows reporting for FortiGate devices only.

Buy Now
Questions 26

Why must you wait for several minutes before you run a playbook that you just created?

Options:

A.

FortiAnalyzer needs that time to parse the new playbook.

B.

FortiAnalyzer needs that time to back up the current playbooks.

C.

FortiAnalyzer needs that time to ensure there are no other playbooks running.

D.

FortiAnalyzer needs that time to debug the new playbook.

Buy Now
Questions 27

FortiAnalyzer centralizes which functions? (Choose three)

Options:

A.

Network analysis

B.

Graphical reporting

C.

Content archiving / data mining

D.

Vulnerability assessment

E.

Security log analysis / forensics

Buy Now
Questions 28

Consider the CLI command:

FCP_FAZ_AD-7.4 Question 28

What is the purpose of the command?

Options:

A.

To add a unique tag to each log to prove that it came from this FortiAnalyzer

B.

To add the MD5 hash value and authentication code

C.

To add a log file checksum

D.

To encrypt log communications

Buy Now
Questions 29

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?

Options:

A.

Antivirus logs

B.

Web filter logs

C.

IPS logs

D.

Application control logs

Buy Now
Questions 30

Refer to the exhibit.

FCP_FAZ_AD-7.4 Question 30

The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.

Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)

Options:

A.

It creates a wildcard administrator using LDAP and RADIUS servers.

B.

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

C.

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

D.

It allows administrators to use two-factor authentication.

Buy Now
Questions 31

An administrator has configured the following settings:

config system global

set log-checksum md5-auth

end

What is the significance of executing this command?

Options:

A.

This command records the log file MD5 hash value.

B.

This command records passwords in log files and encrypts them.

C.

This command encrypts log transfer between FortiAnalyzer and other devices.

D.

This command records the log file MD5 hash value and authentication code.

Buy Now
Questions 32

Refer to the exhibit.

FCP_FAZ_AD-7.4 Question 32

Which statement is correct regarding the event displayed?

Options:

A.

The security risk was blocked or dropped.

B.

The security event risk is considered open.

C.

An incident was created from this event.

D.

The risk source is isolated.

Buy Now
Questions 33

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

Options:

A.

A local wildcard administrator account

B.

A remote LDAP server

C.

A trusted host profile that restricts access to the LDAP group

D.

An administrator group

Buy Now
Questions 34

Which statement is true about sending notifications with incident updates?

Options:

A.

Notifications can be sent only when an incident is updated or deleted.

B.

If you use multiple fabric connectors, all connectors must have the same notification settings

C.

Notifications can be sent only by email.

D.

You can send notifications to multiple external platforms

Buy Now
Questions 35

Which two purposes does the auto cache setting on reports serve? (Choose two.)

Options:

A.

It automatically updates the hcache when new logs arrive.

B.

It provides diagnostics on report generation time.

C.

It reduces the log insert lag rate.

D.

It reduces report generation time.

Buy Now
Questions 36

After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the

purpose of running the following CLI command?

execute sql-local rebuild-adom

Options:

A.

To reset the disk quota enforcement to default

B.

To remove the analytics logs of the device from the old database

C.

To migrate the archive logs to the new ADOM

D.

To populate the new ADOM with analytical logs for the moved device, so you can run reports

Buy Now
Questions 37

Refer to the exhibit.

FCP_FAZ_AD-7.4 Question 37

The exhibit shows the creation of a new administrator on FortiAnalyzer.

What are two effects of enabling the choice Match all users on remote server when configuring a new administrator? (Choose two.)

Options:

A.

It allows user accounts in the LDAP server to use two-factor authentication.

B.

It creates a wildcard administrator using an LDAP server.

C.

User Remote-Admin from the LDAP server will be able to log in to FortiAnalyzer at any time.

D.

Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP server.

Buy Now
Questions 38

Which statement is true regarding Macros on FortiAnalyzer?

Options:

A.

Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.

B.

Macros are supported only on the FortiGate ADOM.

C.

Macros are useful in generating excel log files automatically based on the reports settings.

D.

Macros are predefined templates for reports and cannot be customized.

Buy Now
Questions 39

Which two statements about deleting ADOMs are true? (Choose two.)

Options:

A.

Logs must be purged or migrated before you can delete an ADOM.

B.

ADOMs with registered devices cannot be deleted.

C.

Default ADOMs cannot be deleted.

D.

The status of the ADOMs must be unlocked.

Buy Now
Questions 40

The connection status of a new device on FortiAnalyzer is listed as Unauthorized.

What does that status mean?

Options:

A.

It is a device whose registration has not yet been accepted in FortiAnalvzer.

B.

It is a device that has not yet been assigned an ADOM.

C.

It is a device that is waiting for you to configure a pre-shared key.

D.

It is a device that FortiAnalvzer does not support.

Buy Now
Questions 41

In a Fortinet Security Fabric, what can make an upstream FortiGate create traffic logs associated with sessions initiated on downstream FortiGate devices?

Options:

A.

The traffic destination is another FortiGate in the fabric.

B.

The upstream FortiGate is configured to do NAT

C.

Log redundancy is configured in the fabric.

D.

The downstream device cannot connect to FortiAnalyzer.

Buy Now
Questions 42

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data

policy.

What is the most likely problem?

Options:

A.

CPU resources are too high

B.

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

C.

The total disk space is insufficient and you need to add other disk

D.

The ADOM disk quota is set too low, based on log rates

Buy Now
Questions 43

Refer to the exhibit.

FCP_FAZ_AD-7.4 Question 43

The exhibit shows the creation of a new administrator on FortiAnalyzer. The new account uses the credentials stored on an LDAP server.

Why would an administrator configure a password for this account?

Options:

A.

This password is used if the authentication server becomes unreachable.

B.

This password authenticates FortiAnalyzer aqainst the LDAP server.

C.

This password is set to comply with FortiAnalvzer password policy

D.

This password is required because this is a restricted user.

Buy Now
Questions 44

Which statement about the FortiSIEM management extension is correct?

Options:

A.

Allows you to manage the entire life cycle of a threat or breach.

B.

Its use of the available disk space is capped at 50%.

C.

It requires a licensed FortiSIEM supervisor.

D.

It can be installed as a dedicated VM.

Buy Now
Questions 45

Why run the command diagnose sql status sqlplugind?

Options:

A.

To list the current SQL processes running

B.

To check what is the database log insertion status

C.

To display the SOL query connections and hcache status

D.

To view the current hcache size

Buy Now
Questions 46

Refer to the exhibit.

FCP_FAZ_AD-7.4 Question 46

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

C.

This feature allows you to build a chart under FortiView.

D.

You can add charts to generated reports using this feature.

Buy Now
Questions 47

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

Options:

A.

ADOMs are enabled by default.

B.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

C.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

D.

All administrators can create ADOMs--not just the admin administrator.

Buy Now
Questions 48

What is the purpose of the FortiAnalyzer command diagnose system print netstat?

Options:

A.

It provides network statistics for active connections, including the protocols, IP addresses, and connection states.

B.

It provides the complete routing table, including directly connected routes.

C.

It provides the static DNS table, including the host names and their expiration timers.

D.

It provides NTP server information, including server IPs. stratum, poll time, and latency.

Buy Now
Questions 49

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

Options:

A.

Both modes, forwarding and aggregation, support encryption of logs between devices.

B.

In aggregation mode, you can forward logs to syslog and CEF servers as well.

C.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

D.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Buy Now
Questions 50

The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device.

What can be the reason for this failure?

Options:

A.

FortiAnalyzer is in an HA cluster.

B.

ADOM mode should be set to advanced, in order to register the FortiClient EMS device.

C.

ADOMs are not enabled on FortiAnalyzer.

D.

A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.

Buy Now
Questions 51

What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?

Options:

A.

Log correlation

B.

Host name resolution

C.

Log collection

D.

Real-time forwarding

Buy Now
Exam Code: FCP_FAZ_AD-7.4
Exam Name: FCP - FortiAnalyzer 7.4 Administrator
Last Update: Dec 4, 2024
Questions: 171

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now FCP_FAZ_AD-7.4 testing engine

PDF (Q&A)

$42  $104.99
buy now FCP_FAZ_AD-7.4 pdf