Professional Documents
Culture Documents
NSE5 - FAZ-7.2 Answer
NSE5 - FAZ-7.2 Answer
NSE5 - FAZ-7.2 Answer
Fortinet
NSE5_FAZ-7.2 Exam
Fortinet NSE 5 - FortiAnalyzer 7.2
https://www.certshero.com
Questions & Answers PDF Page 2
Question: 1
Which two methods are the most common methods to control and restrict administrative access on
FortiAnalyzer? (Choose two.)
A. Virtual domains
C. Trusted hosts
D. Security Fabric
Answer: BC
Explanation:
Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration-
guide/219292/administrator-profiles
https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/581222/trusted-
hosts
Question: 2
https://www.certshero.com
Questions & Answers PDF Page 3
A. logfiled
B. oftpd
C. sqlplugind
D. miglogd
Answer: A
Explanation:
Question: 3
end
C. This command encrypts log transfer between FortiAnalyzer and other devices.
D. This command records the log file MD5 hash value and authentication code.
Answer: D
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 4
Reference: https://docs.fortinet.com/document/fortianalyzer/6.4.6/administration-
guide/410387/appendix-b-log-integrity-and-secure-log-transfer
Question: 4
Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report
externally?
(Choose two.)
A. Mail server
B. Output profile
C. SFTP server
D. Report scheduling
Answer: AB
Explanation:
Reference: https://docs.fortinet.com/document/fortianalyzer/6.0.2/administration-
guide/598322/creating-output-profiles
Question: 5
For which two purposes would you use the command set log checksum? (Choose two.)
A. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP
server
https://www.certshero.com
Questions & Answers PDF Page 5
Answer: A, B
Explanation:
To prevent logs from being tampered with while in storage, you can add a log checksum using the
config
system global command. You can configure FortiAnalyzer to record a log file hash value, timestamp,
and
authentication code when the log is rolled and archived and when the log is uploaded (if that feature
is
enabled). This can also help against man-in-the-middle only for the transmission from FortiAnalyzer
to an
Question: 6
https://www.certshero.com
Questions & Answers PDF Page 6
D. Raw logs are reaching FortiAnalyzer faster than they can be indexed
Answer: D
Explanation:
Question: 7
You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on
https://www.certshero.com
Questions & Answers PDF Page 7
B. Downgrade your RAID level, replace the disk, and then upgrade your RAID level
C. Clear all RAID alarms and replace the disk while FortiAnalyzer is still running
Answer: A
Explanation:
https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on-
FortiAnalyzer/ta-
p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20known%20as%20
hot%20swapping
Question: 8
What does the status Initializing indicate about what the FortiAnalyzer is currently doing?
B. FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state
C. FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant
Answer: C
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 8
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/4cb0dce6-
dbef-11e9-
8977-00505692583a/FortiAnalyzer-5.6.10-Administration-Guide.pdf (40)
Question: 9
In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not
resolving to a hostname.
How can you resolve the source and destination IP addresses, without introducing any additional
performance impact to FortiAnalyzer?
A. Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
Answer: D
Explanation:
https://packetplant.com/fortigate-and-fortianalyzer-resolve-source-and-destination-ip/
“As a best practice, it is recommended to resolve IPs on the FortiGate end. This is because you get
both source and destination, and it offloads the work from FortiAnalyzer. On FortiAnalyzer, this IP
resolution does destination IPs only”
Question: 10
You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage
Info
https://www.certshero.com
Questions & Answers PDF Page 9
Answer: D
Explanation:
Question: 11
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into
FortiAnalyzer?
Answer: A
Explanation:
Question: 12
https://www.certshero.com
Questions & Answers PDF Page 10
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is
temporarily unavailable?
A. FortiAnalyzer uses log fetching to retrieve the logs when back online
Answer: B
Explanation:
Question: 13
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is
the
B. To remove the analytics logs of the device from the old database
D. To populate the new ADOM with analytical logs for the moved device, so you can run reports
https://www.certshero.com
Questions & Answers PDF Page 11
Answer: D
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 128: Are the device analytics logs required for
reports in the new ADOM? If so, rebuild the new ADOM database
Question: 14
If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the
Answer: D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD46446#:~:text=On%20FortiAnalyzer%2F
FortiManager%20devices%20that,to%20exchanging%20the%20hard%20disk.
If a hard disk on a FortiAnalyzer unit fails, it must be replaced. On FortiAnalyzer devices that support
hardware RAID, the hard disk can be replaced while the unit is still running – known as hot swapping.
On FortiAnalyzer units with software RAID, the device must be shutdown prior to exchanging the
https://www.certshero.com
Questions & Answers PDF Page 12
hard disk.
Reference: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-
Disk-on-FortiAnalyzer/ta-
p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20known%20as%20
hot%20swapping
Question: 15
If you upgrade the FortiAnalyzer firmware, which report element can be affected?
A. Custom datasets
B. Report scheduling
C. Report settings
D. Output profiles
Answer: A
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/upgrade-guide/669300/checking-reports
Question: 16
FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy
setting for
https://www.certshero.com
Questions & Answers PDF Page 13
Answer: B
Explanation:
Reference: https://forum.fortinet.com/tm.aspx?m=138806
Question: 17
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected
hosts?
A. Antivirus logs
C. IPS logs
Answer: B
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/
FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_pa
ge.htm?
TocPath=FortiView%7CUsing%20FortiView%7C_____6
https://www.certshero.com
Questions & Answers PDF Page 14
Question: 18
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to
authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
D. An administrator group
Answer: A, B
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38567
Question: 19
When you perform a system backup, what does the backup configuration contain? (Choose two.)
A. Generated reports
B. Device list
D. System information
Answer: B, D
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 15
https://help.fortinet.com/fa/cli-olh/5-6-5/Content/Document/1400_execute/backup.htm
Reference: https://help.fortinet.com/fauth/5-
2/Content/Admin%20Guides/5_2%20Admin%20Guide/300/301_Dashboard.htm
Question: 20
Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate
reports?
A. FROM
B. LIMIT
C. WHERE
D. ORDER BY
Answer: A
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48500
Question: 21
https://www.certshero.com
Questions & Answers PDF Page 16
Answer: C
Explanation:
Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.4/administration-
guide/148744/creating-datasets
Question: 22
Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the
data
policy.
B. Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
C. The total disk space is insufficient and you need to add other disk
D. The ADOM disk quota is set too low, based on log rates
Answer: D
Explanation:
Reference: https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-
FAZ/1100_Storage/0017_Deleted%20device%
20logs.htm
https://www.certshero.com
Questions & Answers PDF Page 17
Question: 23
Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer?
(Choose
two.)
A. License type
B. Disk size
C. Total quota
D. RAID level
Answer: B, D
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/368682/disk-space-
allocation
Question: 24
https://www.certshero.com
Questions & Answers PDF Page 18
What does the 1000MB maximum for disk utilization refer to?
Answer: B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/743670/configuring-
log-storage-policy
Question: 25
You’ve moved a registered logging device out of one ADOM and into a new ADOM. What happens
when you rebuild the new ADOM database?
Answer: C
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40383
https://www.certshero.com
Questions & Answers PDF Page 19
Question: 26
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device
log
settings?
A. The log file is stored as a raw log and is available for analytic support.
Answer: B
Explanation:
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/6d9f8fb5-
6cf4-11e9-
81a4-00505692583a/FortiAnalyzer-6.0.5-Administration-Guide.pdf
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/355632/log-browse
Question: 27
https://www.certshero.com
Questions & Answers PDF Page 20
Answer: A
Explanation:
https://en.wikipedia.org/wiki/RAID#:~:text=RAID%20(%22Redundant%20Array%20of%20Inexpensiv
e,%2C%20performance%20improvement%2C%20or%20both.
Question: 28
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe
from
A. Log upload
B. Indicators of Compromise
D. Log fetching
Answer: D
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/651442/fetcher-
management
Question: 29
https://www.certshero.com
Questions & Answers PDF Page 21
A. From the VM host manager, add an additional virtual disk and use the #execute lvm extend <disk
number> command to expand the storage
B. From the VM host manager, expand the size of the existing virtual disk
C. From the VM host manager, expand the size of the existing virtual disk and use the # execute
format disk command to reformat the disk
D. From the VM host manager, add an additional virtual disk and rebuild your RAID array
Answer: A
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40848
Question: 30
A. Logs are forwarded as they are received and content files are uploaded at a scheduled time.
B. Logs and content files are stored and uploaded at a scheduled time.
Answer: B
Explanation:
https://www.fortinetguru.com/2020/07/log-forwarding-fortianalyzer-fortios-6-2-3/
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/420493/modes
https://www.certshero.com
Questions & Answers PDF Page 22
Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/cookbook/63238/what-is-the-
difference-between-log-forward-and-log-aggregation-modes
Question: 31
Answer: B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/717578/assigning-
administrators-to-an-adom
Question: 32
In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required?
(Choose two.)
https://www.certshero.com
Questions & Answers PDF Page 23
Answer: AD
Explanation:
Pg 70: “after you add and register a FortiGate device with the FortiAnalyzer unit, you must also
ensure that the FortiGate device is configured to send logs to the FortiAnalyzer unit.”
https://docs.fortinet.com/uploaded/files/4614/FortiAnalyzer-5.4.6-Administration%20Guide.pdf
Pg 45: “ADOMs must be enabled to support the logging and reporting of NON-FORTIGATE devices,
such as FortiCarrier, FortiClientEMS, FortiMail, FortiWeb, FortiCache, and FortiSandbox.”
Question: 33
What can the CLI command # diagnose test application oftpd 3 help you to determine?
Answer: A
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/cli-reference/395556/test#test_application
Question: 34
What FortiView tool can you use to automatically build a dataset and chart based on a filtered search
result?
https://www.certshero.com
Questions & Answers PDF Page 24
A. Chart Builder
C. Dataset Library
D. Custom View
Answer: B
Explanation:
Question: 35
In FortiAnalyzer’s FormView, source and destination IP addresses from FortiGate devices are not
resolving to
a hostname. How can you resolve the source and destination IPs, without introducing any additional
D. Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve
Answer: B
Explanation:
Question: 36
https://www.certshero.com
Questions & Answers PDF Page 25
What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external
server?
(Choose two.)
B. Mail server
C. Output profile
D. Report scheduling
Answer: AC
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.0.2/administration-guide/598322/creating-
output-profiles
Question: 37
Why is the total quota less than the total system storage?
https://www.certshero.com
Questions & Answers PDF Page 26
B. Some space is reserved for system use, such as storage of compression files, upload files, and
temporary report files
Answer: B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/368682/disk-space-
allocation
Question: 38
What purposes does the auto-cache setting on reports serve? (Choose two.)
Answer: AB
Explanation:
Reference: https://docs.fortinet.com/document/fortianalyzer/6.0.0/administration-
guide/282280/enabling-autocache
Question: 39
https://www.certshero.com
Questions & Answers PDF Page 27
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?
A. Output profiles
B. Report settings
C. Report scheduling
D. Custom datasets
Answer: D
Explanation:
Question: 40
How does FortiAnalyzer retrieve specific log data from the database?
Answer: A
Explanation:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/137bb60e-ff37-11e8-
8524-f8bc1258b856/fortianalyzer-fortigate-sql-technote-40-mr2.pdf
Question: 41
https://www.certshero.com
Questions & Answers PDF Page 28
Answer: A
Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/747268/configuring-wildcard-admin-
accounts
Question: 42
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all
registered
devices should:
A. Use DNS
Answer: D
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 29
Question: 43
A. logfiled
B. sqlplugind
C. oftpd
D. miglogd
Answer: D
Explanation:
Reference: https://forum.fortinet.com/tm.aspx?m=143106
Question: 44
FortiAnalyzer uses the Optimized Fabric Transfer Protocok (OFTP) over SSL for what purpose?
Answer: D
Explanation:
Question: 45
https://www.certshero.com
Questions & Answers PDF Page 30
How can you configure FortiAnalyzer to permit administrator logins from only specific locations?
Answer: C
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/186508/trusted-hosts
Question: 46
Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in
your data policy. What is the most likely problem?
A. The total disk space is insufficient and you need to add other disk.
C. The ADOM disk quota is set too low based on log rates.
D. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.
Answer: C
Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG
FAZ/1100_Storage/0017_Deleted%20device%20logs.htm
https://www.certshero.com
Questions & Answers PDF Page 31
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/87802/automatic-
deletion
Question: 47
C. To add a unique tag to each log to prove that it came from this FortiAnalyzer
Answer: A
Explanation:
https://docs2.fortinet.com/document/fortianalyzer/6.0.3/cli-reference/849211/global
Question: 48
https://www.certshero.com
Questions & Answers PDF Page 32
C. FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.
Answer: B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/47690/insert-rate-vs-
receive-rate-widget
Question: 49
What remote authentication servers can you configure to validate your FortiAnalyzer administrator
logons? (Choose three)
A. RADIUS
B. Local
https://www.certshero.com
Questions & Answers PDF Page 33
C. LDAP
D. PKI
E. TACACS+
Answer: ACE
Explanation:
Question: 50
What statements are true regarding disk log quota? (Choose two)
A. The FortiAnalyzer stops logging once the disk log quota is met.
B. The FortiAnalyzer automatically sets the disk log quota based on the device.
C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.
D. The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based
on the reserved system space.
Answer: CD
Explanation:
Question: 51
What statements are true regarding FortiAnalyzer 's treatment of high availability (HA) dusters?
(Choose two)
C. FortiAnalyzer receives bgs only from the primary device in the cluster.
https://www.certshero.com
Questions & Answers PDF Page 34
D. FortiAnalyzer only needs to know (he serial number of the primary device in the cluster-it
automaticaly discovers the other devices.
Answer: AB
Explanation:
Question: 52
A. Standalone
B. Manager
C. Analyzer
D. Collector
Answer: CD
Explanation:
Question: 53
https://www.certshero.com
Questions & Answers PDF Page 35
Answer: A B
Explanation:
Question: 54
A. FortiView
B. Event Management
C. Device Manger
D. Reporting
Answer: B
Explanation:
Question: 55
A. Network analysis
B. Graphical reporting
D. Vulnerability assessment
Answer: BCE
https://www.certshero.com
Questions & Answers PDF Page 36
Explanation:
Question: 56
By default, what happens when a log file reaches its maximum file size?
Answer: C
Explanation:
Question: 57
Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)
B. ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.
C. Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per
ADOM.
Answer: B,C
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 37
Question: 58
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate
with SSL? (Choose two.)
Answer: A,D
Explanation:
Question: 59
B. Cloud-based management
C. Reports
Answer: A,C
Explanation:
Question: 60
https://www.certshero.com
Questions & Answers PDF Page 38
What statements are true regarding the "store and upload" log transfer option between
FortiAnalyzer and FortiGate? (Choose three.)
A. All FortiGates can send logs to FortiAnalyzer using the store and upload option.
B. Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload
option.
C. Both secure communications methods (SSL and IPsec) allow the store and upload option.
Answer: B,C,D
Explanation:
Question: 61
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate
with IPsec? (Choose two.)
A. Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto-negotiated.
Answer: BD
Explanation:
Option B is correct because you must establish an IPsec tunnel ID and pre-shared key to secure the
communication between FortiAnalyzer and FortiGate with IPsec12. The tunnel ID is a unique
identifier for each tunnel and the pre-shared key is a secret passphrase that authenticates the peers.
https://www.certshero.com
Questions & Answers PDF Page 39
Option D is correct because IPsec is only enabled through the CLI on FortiAnalyzer1. You cannot
configure IPsec settings through the GUI on FortiAnalyzer.
Question: 62
Which two statements about log forwarding are true? (Choose two.)
Answer: CD
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/420493/modes
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/621804/log-
forwarding
Question: 63
Which two methods can you use to send event notifications when an event occurs that matches a
configured
A. SMS
B. Email
https://www.certshero.com
Questions & Answers PDF Page 40
C. SNMP
D. IM
Answer: BC
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/
FortiAnalyzer_Admin_Guide/1800_Events/0200_Event_handlers/0600_Create_event_handlers.htm
Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-
2/Content/FortiAnalyzer_Admin_Guide/1800_Events/0200_Event_handlers/0600_Create_event_ha
ndlers.htm
Question: 64
A. To add a unique tag to each log to prove that it came from this FortiAnalyzer
https://www.certshero.com
Questions & Answers PDF Page 41
Answer: C
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/cli-reference/849211/global
Question: 65
What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?
A. Log correlation
C. Log collection
D. Real-time forwarding
Answer: A
Explanation:
Question: 66
C. It can include all Fortinet devices that are part of the same Security Fabric
D. It can include only FortiGate devices that are part of the same Security Fabric
https://www.certshero.com
Questions & Answers PDF Page 42
Answer: AC
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/448471/creating-a-
security-fabric-adom
Question: 67
B. It specifies the report layout which contains predefined texts, charts, and macros
C. It specifies report settings which contains time period, device selection, and schedule
Answer: B
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMGFAZ/
2300_Reports/0010_Predefined_reports.htm#:~:text=FortiAnalyzer%20includes%20a%20number%
20of,create%20and%2For%20build%20reports.&text=A%20template%20populates%20the%20Layou
t,that%
20is%20to%20be%20created.
https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-
FAZ/2300_Reports/0010_Predefined_reports.htm
Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.8/administration-
guide/618245/predefined-reports-templates-charts-and-macros
https://www.certshero.com
Questions & Answers PDF Page 43
Question: 68
For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)
A. Principal
B. Service provider
C. Identity collector
D. Identity provider
Answer: BD
Explanation:
Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/new-features/957811/saml-
adminauthentication#:~:text=for%20the%20administrator.-
,FortiAnalyzer%20can%20play%20the%20role%20of%
20the%20identity%20provider%20(IdP,external%20identity%20provider%20is%20available.
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/981386/saml-admin-
authentication
In FortiAnalyzer, SAML can be enabled across all Security Fabric devices, enabling smooth movement
between devices for the administrator by means of single sign-on (SSO).
FortiAnalyzer can play the role of the identity provider (IdP), the service provider (SP), or Fabric SP,
when an external identity provider is available.
https://www.certshero.com
Questions & Answers PDF Page 44
FortiAnalyzer_7.0_Study_Guide-Online pag. 48
Question: 69
Which two purposes does the auto cache setting on reports serve? (Choose two.)
Answer: AD
Explanation:
Reference:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/384416/how-auto-
cache-works
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/86926/enabling-auto-
cache
Question: 70
A. Compressed logs, which are also known as archive logs, are considered to be offline logs.
B. When you restart FortiAnalyzer. all stored logs are considered to be offline logs.
D. Logs that are collected from offline devices after they boot up.
https://www.certshero.com
Questions & Answers PDF Page 45
Answer: A
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-
6/Content/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Archive_anal
ytics_logs.htm
Logs are received and saved in a log file on the FortiAnalyzer disks. Eventually, when the log file
reaches a configured size, or at a set schedule, it is rolled over by being renamed. These files (rolled
or otherwise) are known as archive logs and are considered offline so they don’t offer immediate
analytic support. Combined, they count toward the archive quota and retention limits, and they are
deleted based on the ADOM data policy. FortiAnalyzer_7.0_Study_Guide-Online page 140
Question: 71
Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)
A. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two
roles at the same time with the same FortiAnalyzer devices at the other end.
B. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware
version.
C. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for
redundancy.
D. Log fetching allows the administrator to run queries and reports against historical data by
retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer
device.
Answer: B, D
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 46
Reference: https://docs.fortinet.com/document/fortianalyzer/7.0.1/administration-
guide/651442/fetcher-management
Using FortiAnalyzer, you can enable log fetching. This allows FortiAnalyzer to fetch the archived logs
of specified devices from another FortiAnalyzer, which you can then run queries or reports on for
forensic analysis.
The FortiAnalyzer device that fetches logs operates as the fetch client, and the other FortiAnalyzer
device that sends logs operates as the fetch server. Log fetching can happen only between two
FortiAnalyzer devices, and both of them must be running the same firmware version. A FortiAnalyzer
device can perform either the fetch server or client role, and it can perform two roles at the same
time with different FortiAnalyzer devices at the other end.
Question: 72
end
A. Use this command only if the source IP addresses are not resolved on FortiGate.
C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on
Forti Analyzer.
https://www.certshero.com
Questions & Answers PDF Page 47
Answer: D
Explanation:
Reference: https://community.fortinet.com/t5/Fortinet-Forum/Hostnames-in-FortiAnalyzer/m-
p/95351?m=156950
Question: 73
Which two statements are true regarding ADOM modes? (Choose two.)
B. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advance
mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.
C. In an advanced mode ADOM. you can assign FortiGate VDOMs from a single FortiGate device to
multiple FortiAnalyzer ADOMs.
Answer: CD
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMG-
FAZ/0800_ADOMs/0400_ADOM%20Device%20Modes.htm
Question: 74
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
https://www.certshero.com
Questions & Answers PDF Page 48
A. Both modes, forwarding and aggregation, support encryption of logs between devices.
B. In aggregation mode, you can forward logs to syslog and CEF servers as well.
C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device
at a scheduled time.
D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
Answer: A, C
Explanation:
Question: 75
An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the
administrator is not able to generate reports for FortiGate A in ADOM1.
A. Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
B. Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
https://www.certshero.com
Questions & Answers PDF Page 49
D. Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.
Answer: B
Explanation:
Reference: https://help.fortinet.com/fmgr/cli/5-6-1/FortiManager_CLI_Reference/700_execute/sql-
local+.htm
Question: 76
A. Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
C. Macros are useful in generating excel log files automatically based on the reports settings.
Answer: A
Explanation:
Question: 77
Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)
A. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs
https://www.certshero.com
Questions & Answers PDF Page 50
C. When in collector mode. FortiAnalyzer supports event management and reporting features.
D. By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you
can improve the overall performance of log receiving, analysis, and reporting
Answer: AD
Explanation:
Reference: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-
guide/227478/collector-mode
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/312644/analyzer-
collector-collaboration
Question: 78
https://www.certshero.com
Questions & Answers PDF Page 51
The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS
servers.
Which two statements express the significance of enabling “Match all users on remote server” when
configuring a new administrator? (Choose two.)
B. Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and
RADIUS.
C. Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at
anytime.
Answer: A, B
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 52
Reference: https://docs.fortinet.com/document/fortimanager/7.0.1/administration-
guide/858351/creating-administrators
Question: 79
A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see
what activity was performed by that rogue administrator on FortiAnalyzer.
B. Click Task Monitor and view the tasks performed by that administrator.
Answer: B
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/6.4.1/administration-
guide/792943/task-monitor
Question: 80
The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device.
https://www.certshero.com
Questions & Answers PDF Page 53
A. FortiAnalyzer is in an HA cluster.
B. ADOM mode should be set to advanced, in order to register the FortiClient EMS device.
D. A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.
Answer: C
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-
FAZ/0800_ADOMs/0015_FortiClient%20and%20ADOMs.htm
Question: 81
https://www.certshero.com
Questions & Answers PDF Page 54
Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
D. Enabling auto-cache reduces report generation time for reports that require a long time to
assemble datasets.
Answer: C, D
Explanation:
"Enable auto-cache in the report settings to boost the reporting performance and reduce report
generation time. Scheduled reports have auto-cache enabled already."
https://www.certshero.com
Questions & Answers PDF Page 55
Question: 82
Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)
A. FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two
FortiAnalyzer devices in a cluster.
C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or
collector.
Answer: BC
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FMG-
FAZ/4600_HA/0000_HA.htm?TocPath=High%20Availability%7C_____0
FortiAnalyzer HA implementation works only in networks where Virtual Router Redundancy Protocol
(VRRP) is permitted. Therefore it may not be supported by some public cloud infrastructures.
Question: 83
https://www.certshero.com
Questions & Answers PDF Page 56
A. Analytics logs will be moved to ADOM1 from the root ADOM automatically.
B. Archived logs will be moved to ADOM1 from the root ADOM automatically.
D. Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL
database.
Answer: B, D
Explanation:
Reference: https://community.fortinet.com/t5/Fortinet-Forum/FW-Migration-between-ADOMs/m-
p/32683?m=158008
Question: 84
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer?
(Choose two.)
A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to
FortiAnalyzer.
C. Enable device detection on an interface on the FortiGate devices that are connected to the
FortiAnalyzer device.
Answer: AD
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 57
• A one-year subscription to IOC. Note that FortiAnalyzer does include an evaluation license, but it is
restrictive and only meant to give you an idea of how the feature works.
To view Compromised Hosts, you must turn on the UTM web filter of FortiGate devices and subscribe
your FortiAnalyzer unit to FortiGuard to keep its local threat database synchronized with the
FortiGuard threat database. See Subscribing FortiAnalyzer to FortiGuard.
Ref : https://docs.fortinet.com/document/fortianalyzer/6.4.0/administration-guide/137635/viewing-
compromised-hosts
Question: 85
In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered
search results.
B. Export to PDF
Answer: A
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 58
Reference: https://community.fortinet.com/t5/FortiAnalyzer/Creating-a-Custom-report-from-
FortiView-Export-to-Report-Chart/ta-p/190154?externalID=FD40483
Similar to the Chart Builder feature in Log View, you can export a chart from a FortiView. The chart
export includes any filters you set on the FortiView. FortiAnalyzer_7.0_Study_Guide-Online pag. 292.
Question: 86
What can you do on FortiAnalyzer to restrict administrative access from specific locations?
Answer: A
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-
fortigate/582009/system-administrator-best-practices
Question: 87
An administrator fortinet, is able to view logs and perform device management tasks, such as adding
and removing registered devices. However, administrator fortinet is not able to create a mall server
that can be used to send email.
https://www.certshero.com
Questions & Answers PDF Page 59
Answer: A
Explanation:
• Super_User, which, like in FortiGate, provides access to all device and system privileges.
• Standard_User, which provides read and write access to device privileges, but not system
privileges.
• Restricted_User, which provides read access only to device privileges, but not system privileges.
Access
• No_Permissions_User, which provides no system or device privileges. Can be used, for example, to
FortiAnalyzer_7.0_Study_Guide-Online page 42
Question: 88
Which two statements express the advantages of grouping similar reports? (Choose two.)
C. Reduce the number of hcache tables and improve auto-hcache completion time.
https://www.certshero.com
Questions & Answers PDF Page 60
Answer: A, C
Explanation:
Question: 89
B. Logs that roll over when the log file reaches a specific size.
Answer: C
Explanation:
Question: 90
A. The number of times in the logs where end users experienced slowness while accessing resources.
B. The amount of lag time that occurs when the administrator is rebuilding the ADOM database.
C. The amount of time that passes between the time a log was received and when it was indexed on
FortiAnalyzer.
D. The amount of time FortiAnalyzer takes to receive logs from a registered device
Answer: C
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 61
Question: 91
A. In Log View, this feature allows you to build a dataset and chart automatically, based on the
filtered search results.
B. In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log
entries.
Answer: A
Explanation:
Question: 92
Which two statement are true regardless initial Logs sync and Log Data Sync for Ha on FortiAnalyzer?
B. Log Data Sync provides real-time log synchronization to all backup devices.
C. With initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its
logs with the backup device.
https://www.certshero.com
Questions & Answers PDF Page 62
D. When Logs Data Sync is turned on, the backup device will reboot and then rebuilt the log database
with the synchronized logs.
Answer: C, D
Explanation:
Question: 93
Which two statements are true regarding fabric connectors? (Choose two.)
A. Configuring fabric connectors to send notification to ITSM platform upon incident creation Is more
efficient than third-party information from the FortiAnalyzer API.
C. Storage connector service does not require a separate license to send logs to cloud platform.
D. Cloud-Out connections allow you to send real-time logs to pubic cloud accounts like Amazon S3,
Azure Blob , and Google Cloud.
Answer: A, D
Explanation:
Question: 94
What does the disk status Degraded mean for RAID management?
A. One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the
operating system.
B. The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array
fault tolerant.
C. The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard
https://www.certshero.com
Questions & Answers PDF Page 63
Answer: D
Explanation:
Question: 95
Which statement is true when you are upgrading the firmware on an HA cluster made up of two
FortiAnalyzer devices?
A. First, upgrade the secondary device, and then upgrade the primary device.
C. You can enable uninterruptible-upgrade so that the normal FortiAnalyzer operations are not
interrupted while the cluster firmware upgrades.
D. You can perform the firmware upgrade using only a console connection.
Answer: A
Explanation:
3. Wait for the upgrades to complete and verify that all secondary devices joined the cluster.
4. Verify that logs on all secondary devices are synchronized with the primary device.
https://docs.fortinet.com/document/fortianalyzer/7.2.0/upgrade-guide/262607/upgrading-
https://www.certshero.com
Questions & Answers PDF Page 64
fortianalyzer-firmware
Question: 96
B. To use the output of the previous task as the input of the current task
Answer: B
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 242: Output variables allow you to use the output
from a preceding task as an input to the current task.
"Output variables allow you to use the output from a preceding task as an input to the current task."
FortiAnalyzer_7.0_Study_Guide-Online page 242
Question: 97
Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)
A. System information
C. Report information
D. Database snapshot
https://www.certshero.com
Questions & Answers PDF Page 65
Answer: AC
Explanation:
System information, such as the device IP address and administrative user information.
Device list, such as any devices you configured to allow log access.
Report information, such as any configured report settings, as well as all your custom report details.
These are not the actual reports.
FortiAnalyzer_7.0_Study_Guide-Online pag. 29
• System information, such as the device IP address and administrative user information
• Device list, such as any devices you configured to allow log access
• Report information, such as any configured report settings, as well as all your custom report details.
These are not the actual reports.
Question: 98
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
B. You can import a playbook even if there is another one with the same name in the destination.
C. Playbooks can be exported and imported only within the same FortiAnaryzer.
D. A playbook that was disabled when it was exported, will be disabled when it is imported.
https://www.certshero.com
Questions & Answers PDF Page 66
Answer: B, D
Explanation:
If the imported playbook has the same name as an existing one, FortiAnalyzer will create a new
name that includes a timestamp to avoid conflicts.
Playbooks are imported with the same status they had (enabled or disabled) when they were
exported.
Playbooks set to run automatically should be exported while they are disabled to avoid unintended
runs on the destination.
Question: 99
Which SQL query is in the correct order to query the database in the FortiAnslyzer?
C. SELECT devid FROM Slog- WHERE *user' =' USERl' GROUP BY devid
D. FROM Slog WHERE 'user* =' USERl' SELECT devid GROUP BY devid
Answer: C
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 259: The main clauses FortiAnalyzer reports use are
as follows:
•FROM
•WHERE
•GROUP BY
https://www.certshero.com
Questions & Answers PDF Page 67
•ORDER BY
• LIMIT
• OFFSET
Accordingly, following the SELECT keyword, the statement must be followed by one or more clauses
in the order in which they appear in the table shown on this slide.
Question: 100
How many events will be added to the incident created after running this playbook?
https://www.certshero.com
Questions & Answers PDF Page 68
Answer: A
Explanation:
Question: 101
A. sqlplugind
B. logfiled
C. miglogd
D. ofrpd
Answer: B
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 121: The logfiled process enforces the log file size
and is also responsible for disk quota enforcement by monitoring the other processes.
Question: 102
https://www.certshero.com
Questions & Answers PDF Page 69
Answer: A
Explanation:
Events in FortiAnalyzer will be in one of four statuses. The current status will determine if more
actions need to be taken by the security team or not.
Unhandled: The security event risk is not mitigated or contained, so it is considered open.
Question: 103
A. A FortiGate ADOM
C. A pre-shared key
https://www.certshero.com
Questions & Answers PDF Page 70
Answer: D
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 93: The fourth method uses the Fortinet Security
Fabric authorization process. This method requires that both FortiGate and FortiAnalyzer are running
version 7.0.1 or higher. It is also required that the FortiGate administrator has valid credentials to log
in on FortiAnalyzer and complete the registration.
https://docs.fortinet.com/document/fortianalyzer/7.2.1/administration-guide/13897/adding-a-
fortigate-using-security-fabric-authorization
Question: 104
A)
https://www.certshero.com
Questions & Answers PDF Page 71
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Explanation:
Question: 105
https://www.certshero.com
Questions & Answers PDF Page 72
Laptopt is used by several administrators to manage FortiAnalyzer. You want to configure a generic
text filter that matches all login attempts to the web interface generated by any user other than
"admin" and coming from Laptop1:
Answer: A
Explanation:
On there the task was to create a filter for failed logins from any other location but the local
computer: "Add the text performed_on!~10.0.1.10. This includes any attempts coming from devices
with an IP address that is not the one configured on the Local-Client computer."
Question: 106
If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?
https://www.certshero.com
Questions & Answers PDF Page 73
Answer: D
Explanation:
In the case of a primary device failure, FortiAnalyzer HA uses the following rules to select a new
primary:
• All cluster devices are assigned a priority from 80 to 120. The default priority is 100. If the primary
device
becomes unavailable, the device with the highest priority is selected as the new primary device. For
example, a device with a priority of 110 is selected over a device with a priority of 100.
• If multiple devices have the same priority, the device whose primary IP address has the greatest
value is
selected as the new primary device. For example, 123.45.67.124 is selected over 123.45.67.123.
• If a new device with a higher priority or a greater value IP address joins the cluster, the new device
does
FortiAnalyzer_7.0_Study_Guide-Online page 62
Question: 107
What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware
RAID?
https://www.certshero.com
Questions & Answers PDF Page 74
C. Run execute format disk to format and restart the FortiAnalyzer device.
Answer: A
Explanation:
https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-
FAZ/0700_RAID/0800_Swapping%20Disks.htm#:~:text=If%20a%20hard%20disk%20on,to%20exchan
ging%20the%20hard%20disk.
Question: 108
B. If you use multiple fabric connectors, all connectors must have the same notification settings
Answer: D
Explanation:
You can add more than one fabric connector, each with the same or different notification settings.
The receiving side of the connector must be configured for the notifications to be sent successfully.
https://www.certshero.com
Questions & Answers PDF Page 75
send notifications to ITSM platforms when a new incident is created or for any subsequent updates.
Question: 109
Answer: D
Explanation:
Events in FortiAnalyzer will be in one of four statuses. The current status will determine if more
actions need to be taken by the security team or not.
Unhandled: The security event risk is not mitigated or contained, so it is considered open.
https://www.certshero.com
Questions & Answers PDF Page 76
Question: 110
A play book contains five tasks in total. An administrator executed the playbook and four out of five
tasks finished successfully, but one task failed. What will be the status of the playbook after its
execution?
A. Success
B. Failed
C. Running
D. Upstream_failed
Answer: B
Explanation:
Playbook jobs that include one or more failed tasks are labeled as Failed in Playbook Monitor.
FortiAnalyzer_7.0_Study Guide page No: 247
Playbook jobs that include one or more failed tasks are labeled as Failed in Playbook Monitor. A
failed status, however, does not mean that all tasks failed. Some individual actions may have been
completed successfully.
Question: 111
https://www.certshero.com
Questions & Answers PDF Page 77
Answer: C
Explanation:
Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.4/administration-
guide/148744/creating-datasets
Datasets: Structured Query Language (SQL) SELECT queries that extract specific data from the
database
Question: 112
The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing
HA cluster.
https://www.certshero.com
Questions & Answers PDF Page 78
C. This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
D. After joining to the cluster, this FortiAnalyzer will keep an updated log database.
Answer: B
Explanation:
"If the preferred role is Primary, then this unit becomes the primary unit if it is configured first in a
new HA cluster. If there is an existing primary unit, then this unit becomes a secondary unit."
(https://docs.fortinet.com/document/fortianalyzer/7.0.5/administration-guide/275104)
Question: 113
When configuring the FortiGate side, which type of trigger must be used so that the actions in an
automation stitch are available in the FortiOS connector?
B. Incoming webhook
Answer: B
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 79
4. The event triggers the execution of a playbook in FortiAnalyzer, which sends a webhook call to
5. FortiGate runs the automation stitch with the corrective or preventive actions"
In order to see the actions related to the FOS connector, you must enable an automation rule using
the Incoming Webhook Call trigger on the FortiGate side. FortiAnalyzer_7.0_Study Guide page no
233
Question: 114
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network
security?
A. Incidents dashboards
B. Threat hunting
C. FortiView Monitor
Answer: B
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 80
Question: 115
What must you consider when using log fetching? (Choose two.)
A. The fetch client can retrieve logs from devices that are not added to its local Device Manager
B. You can use filters to include only logs from a single device.
C. The fetching profile must include a user with the Super_User profile.
D. The archive logs retrieved from the server become archive logs in the client.
Answer: B, C
Explanation:
Question: 116
Which two statements are true regarding the outbreak detection service? (Choose two.)
Answer: C, D
Explanation:
Question: 117
What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)
https://www.certshero.com
Questions & Answers PDF Page 81
C. When new logs are received, the hard-cache data is updated automatically.
Answer: C, D
Explanation:
Question: 118
Why must you wait for several minutes before you run a playbook that you just created?
C. FortiAnalyzer needs that time to ensure there are no other playbooks running.
Answer: A
Explanation:
Question: 119
https://www.certshero.com
Questions & Answers PDF Page 82
Answer: C
Explanation:
Question: 120
Answer: C
Explanation:
Question: 121
Which item must you configure on FortiAnalyzer to email generated reports automatically?
A. Output profile
B. Report scheduling
C. SFTP server
D. SNMP server
Answer: A
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 83
Question: 122
Which statement about the FortiSOAR management extension is correct?
Answer: D
Explanation:
Question: 123
Answer: C
Explanation:
Question: 124
https://www.certshero.com
Questions & Answers PDF Page 84
B. You do not need an additional license to send logs to the cloud platform.
D. Using fabric connectors is more efficient than using third-party polling with API.
Answer: A, C
Explanation:
Question: 125
Answer: C
Explanation:
Question: 126
https://www.certshero.com
Questions & Answers PDF Page 85
Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic
text filter that matches all login attempts to the web interface generated by any user other than
"admin", and coming from Laptop1.
Answer: D
Explanation:
Question: 127
After generating a report, you notice the information you were expecting to see is not included in it.
What are two possible reasons for this scenario? (Choose two.)
https://www.certshero.com
Questions & Answers PDF Page 86
B. The logfiled service has not indexed all the expected logs.
Answer: B, C
Explanation:
Question: 128
A. They limit which logs are checked for matches by the other filters.
B. They can filter the logs before they are processed by FortiAnalyzer
Answer: A
Explanation:
Question: 129
https://www.certshero.com
Questions & Answers PDF Page 87
Answer: A
Explanation:
Question: 130
A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks
finish successfully, but one task fails. What will be the status of the playbook after it is run?
A. Running
B. Failed
C. Upstream_failed
D. Success
Answer: B
Explanation:
Question: 131
Answer: B
Explanation:
Question: 132
https://www.certshero.com
Questions & Answers PDF Page 88
Answer: D
Explanation:
Question: 133
https://www.certshero.com
Questions & Answers PDF Page 89
B. To build a dataset and chart automatically, based on the filtered search results
Answer: B
Explanation:
Question: 134
What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a
blocklisted IP address?
Answer: A
Explanation:
Question: 135
https://www.certshero.com
Questions & Answers PDF Page 90
Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?
Answer: C
Explanation:
Question: 136
https://www.certshero.com
Questions & Answers PDF Page 91
Answer: C
Explanation:
Question: 137
https://www.certshero.com
Questions & Answers PDF Page 92
Answer: A
Explanation:
https://www.certshero.com
Questions & Answers PDF Page 93
https://www.certshero.com