FCP_FAZ_AD-7.4 FCP - FortiAnalyzer 7.4 Administrator Question and Answers

To encrypt log communications and data

To prevent log modification or tampering

To send an identical set of logs to a second logging server

To protect log data from man-in-the-middle attacks

Log type Traffic logs.

Logs that roll over when the log file reaches a specific size.

Logs that are indexed and stored in the SQL.

Raw logs that are compressed and saved to a log file.

To store playbook execution statistics

To use the output of the previous task as the input of the current task

To display details of the connectors used by a playbook

To save all the task settings when a playbook is exported

When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.

Collector mode is the default operating mode.

When in collector mode. FortiAnalyzer supports event management and reporting features.

By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting

RAIDO

RAID 5

RAID1

RAID 6+0

RAID 0+0

To display statistics about the playbook runtime

To use information from the trigger to filter the action in a task

To provide the trigger information to make the playbook start running

To store the start times of playbooks with On_Schedule triggers

It is a device whose registration has not yet been accepted in FortiAnalvzer.

It is a device that has not yet been assigned an ADOM.

It is a device that is waiting for you to configure a pre-shared key.

It is a device that FortiAnalvzer does not support.

Logs must be purged or migrated before you can delete an ADOM.

ADOMs with registered devices cannot be deleted.

Default ADOMs cannot be deleted.

The status of the ADOMs must be unlocked.

Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.

Make sure all endpoints are reachable by FortiAnalyzer.

Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.

Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

It requires a FortiManager configured to manage FortiGate

It requires a dedicated FortiSOAR device or VM.

It does not include a limited trial by default.

It runs as a docker container on FortiAnalyzer

logfiled

sqlplugind

oftpd

miglogd

Success

Failed

Running

Upstream_failed

By default, Log Data Sync is disabled on all backup devise.

Log Data Sync provides real-time log synchronization to all backup devices.

With initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.

When Logs Data Sync is turned on, the backup device will reboot and then rebuilt the log database with the synchronized logs.

To add a log file checksum

To add the MD’s hash value and authentication code

To add a unique tag to each log to prove that it came from this FortiAnalyzer

To encrypt log communications

FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

FortiAnalyzer is functioning normally

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

Logs will be present in both ADOMs immediately after the move.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the database.

Remote logging must be enabled on FortiGate

Log encryption must be enabled

ADOMs must be enabled

FortiGate must be registered with FortiAnalyzer

FortiAnalyzer is in an HA cluster.

ADOM mode should be set to advanced, in order to register the FortiClient EMS device.

ADOMs are not enabled on FortiAnalyzer.

A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.

oftpd

miglogd

sqlplugind

logfiled

Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto-negotiated.

Must establish an IPsec tunnel ID and pre-shared key.

IPsec cannot be enabled if SSL is enabled as well.

IPsec is only enabled through the CLI on FortiAnalyzer.

After joining the cluster, this FortiAnalyzer will forward received logs to its peers.

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

This FortiAnalyzer is configured to route HA traffic through a gateway.

This FortiAnalyzer will join the existing HA cluster as the secondary.

The disk quota for the FortiAnalyzer model

The disk quota for all devices in the ADOM

The disk quota for each device in the ADOM

The disk quota for the ADOM type

It can be edited and modified as required

It specifies the report layout which contains predefined texts, charts, and macros

It specifies report settings which contains time period, device selection, and schedule

It contains predefined data to generate mock reports

The size of newly generated reports is optimized to conserve disk space.

FortiAnalyzer local cache is used to store generated reports.

When new logs are received, the hard-cache data is updated automatically.

The generation time for reports is decreased.

To upload logs to an SFTP server

To prevent log modification during backup

To send an identical set of logs to a second logging server

To encrypt log communication between devices

Output profiles

Report settings

Report scheduling

Custom datasets

To list the current SQL processes running

To check what is the database log insertion status

To display the SOL query connections and hcache status

To view the current hcache size

The security risk was blocked or dropped.

The security event risk is considered open.

An incident was created from this event.

The risk source is isolated.

Configure trusted hosts for that administrator.

Enable geo-location services on accessible interface.

Configure two-factor authentication with a remote RADIUS server.

Configure an ADOM for respective location.

They limit which logs are checked for matches by the other filters.

They can filter the logs before they are processed by FortiAnalyzer

They download new filters to be used in event handlers.

They are common filters applied simultaneously to all event handlers.

You can only change ADOM modes through CLI.

In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advance mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.

In an advanced mode ADOM. you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

Normal mode is the default ADOM mode.

logfiled

oftpd

sqlplugind

miglogd

System information

Logs from registered devices

Report information

Database snapshot

Both modes, forwarding and aggregation, support encryption of logs between devices.

In aggregation mode, you can forward logs to syslog and CEF servers as well.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

The received rate is almost at its maximum for this device

The sqlplugind daemon is behind in log indexing by two logs

Logs are being dropped

Raw logs are reaching FortiAnalyzer faster than they can be indexed

FortiAnalyzerl and FortiAnalyzer3

FortiAnalyzer1 and FortiAnalyzer2

All devices listed can be members

FortiAnalyzer2 and FortiAnalyzer3

Total quota

License type

RAID level

Disk size

logfiled

miglogd

sqlplugind

oftpd

Log upload

Indicators of Compromise

Log forwarding an aggregation mode

Log fetching

FortiView

Event Management

Device Manger

Reporting

Configure local DNS servers on FortiAnalyzer

Resolve IPs on FortiGate

Configure # set resolve-ip enable in the system FortiView settings

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

FortiAnalyzer distinguishes different devices by their serial number.

FortiAnalyzer receives logs from d devices in a duster.

FortiAnalyzer receives bgs only from the primary device in the cluster.

FortiAnalyzer only needs to know (he serial number of the primary device in the cluster-it automaticaly discovers the other devices.

Allows you to manage the entire life cycle of a threat or breach.

Its use of the available disk space is capped at 50%.

It requires a licensed FortiSIEM supervisor.

It can be installed as a dedicated VM.

A local wildcard administrator account

A remote LDAP server

A trusted host profile that restricts access to the LDAP group

An administrator group

Use static routes

Use administrative profiles

Use trusted hosts

Use secure protocols

Logs that are saved in the active log file with the. log extension.

Logs that are compressed and saved to a log file with the, gz extension.

Logs that are rolled over when the log file reaches a specific size.

Logs that are indexed and stored in the SQL database.

A FortiGate ADOM

The FortiGate serial number

A pre-shared key

Valid FortiAnalyzer credentials

Quota enforcement is acting on analytical data before a report is complete

Logs are rolling before the report is run

CPU resources are too high

Disk utilization for archive logs is set for 15 days

SFTP, FTP, or SCP server

Mail server

Output profile

Report scheduling

The hard drive is no longer being used by the RAID controller.

One or more drives are missing from the FortiAnalyzer unit.

The device is writing data to the disk to restore the volume to an optimal state.

FortiAnalyzer determined that the parity data in the disk is not valid.

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.

This feature allows you to build a chart under FortiView.

You can add charts to generated reports using this feature.