Test title:
FAZ 7.2

Description:
guide study faz 7.2

Author:
fluciano

Creation date:
27/03/2024

Category:
Computing

Number of questions: 44
Contents:
Consider the CLI command:
    # configure system global
    set log-checksum md5
What is the purpose of the command?
- To add a unique tag to each log to prove that it came from this FortiAnalyzer
- To add the MD5 hash value and authentication code
- To add a log file checksum
- To encrypt log communications
On the RAID management page, the disk status is listed as Initializing. What does the status Initializing indicate about what the FortiAnalyzer is currently doing?
- FortiAnalyzer is ensuring that the parity data of a redundant drive is valid
- FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state
- FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant
- FortiAnalyzer is functioning normally
When working with FortiAnalyzer reports, what is the purpose of a dataset?
- To provide the layout used for reports
- To define the chart type to be used
- To retrieve data from the database
- To set the data included in templates
Which two methods can you use to send event notifications when an event occurs that matches a configured event handler?
- SMS
- Email
- SNMP
- IM
What does the disk status Degraded mean for RAID management?
- One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.
- The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.
- The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.
- The hard drive is no longer being used by the RAID controller.
What statements are true regarding FortiAnalyzer's treatment of high availability (HA) clusters? (Choose two.)
- FortiAnalyzer distinguishes different devices by their serial number.
- FortiAnalyzer receives logs from all devices in a cluster.
- FortiAnalyzer receives logs only from the primary device in the cluster.
- FortiAnalyzer only needs to know the serial number of the primary device in the cluster; it automatically discovers the other devices.
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
- To properly correlate logs
- To use real-time forwarding
- To resolve host names
- To improve DNS response times
Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
- License type
- Disk size
- Total quota
- RAID level
Which SQL query is in the correct order to query the database in the FortiAnalyzer?
- SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'
- SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid
- SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid
- FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid
What FortiGate process caches logs when FortiAnalyzer is not reachable?
- logfiled
- sqlplugind
- oftpd
- miglogd
What is the purpose of employing RAID with FortiAnalyzer?
- To introduce redundancy to your log data
- To provide data separation between ADOMs
- To separate analytical and archive data
- To back up your logs
You’ve moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?
- FortiAnalyzer resets the disk quota of the new ADOM to default.
- FortiAnalyzer migrates archive logs to the new ADOM.
- FortiAnalyzer migrates analytics logs to the new ADOM.
- FortiAnalyzer removes logs from the old ADOM.
In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)
- Remote logging must be enabled on FortiGate
- Log encryption must be enabled
- ADOMs must be enabled
- FortiGate must be registered with FortiAnalyzer
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command?
    execute sql-local rebuild-adom <new-ADOM-name>
- To reset the disk quota enforcement to default
- To remove the analytics logs of the device from the old database
- To migrate the archive logs to the new ADOM
- To populate the new ADOM with analytical logs for the moved device, so you can run reports
An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1. What should the administrator do to solve this issue?
- Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
- Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
- Use the execute sql-report run ADOM1 command to run a report.
- Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.
What are offline logs on FortiAnalyzer?
- Compressed logs, which are also known as archive logs, are considered to be offline logs.
- When you restart FortiAnalyzer, all stored logs are considered to be offline logs.
- Logs that are indexed and stored in the SQL database.
- Logs that are collected from offline devices after they boot up.
Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)
- Virtual domains
- Administrative access profiles
- Trusted hosts
- Security Fabric
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?
- The log file is stored as a raw log and is available for analytic support.
- The log file rolls over and is archived.
- The log file is purged from the database.
- The log file is overwritten.
An administrator has configured the following settings:
    config system fortiview settings
    set resolve-ip enable
    end
What is the significance of executing this command?
- Use this command only if the source IP addresses are not resolved on FortiGate.
- It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
- You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.
- It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.
Which statement is true regarding Macros on FortiAnalyzer?
- Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
- Macros are supported only on the FortiGate ADOM.
- Macros are useful in generating Excel log files automatically based on the reports settings.
- Macros are predefined templates for reports and cannot be customized.
What purposes does the auto-cache setting on reports serve? (Choose two.)
- To reduce report generation time
- To automatically update the hcache when new logs arrive
- To reduce the log insert lag rate
- To provide diagnostics on report generation time
What is the purpose of a dataset query in FortiAnalyzer?
- It sorts log data into tables
- It extracts the database schema
- It retrieves log data from the database
- It injects log data into the database
How many events will be added to the incident created after running this playbook?
- Ten events will be added.
- No events will be added.
- Five events will be added.
- Thirteen events will be added.
You need to upgrade your FortiAnalyzer firmware. What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
- FortiAnalyzer uses log fetching to retrieve the logs when back online
- FortiGate uses the miglogd process to cache the logs
- The logfiled process stores logs in offline mode
- Logs are dropped
In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?
- Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
- Configure # set resolve-ip enable in the system FortiView settings
- Configure local DNS servers on FortiAnalyzer
- Resolve IP addresses on FortiGate
Which statement correctly describes the management extensions available on FortiAnalyzer?
- Management extensions do not require additional licenses.
- Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
- Management extensions require a dedicated VM for best performance.
- Management extensions may require a minimum number of CPU cores to run.
What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?
- A FortiGate ADOM
- The FortiGate serial number
- A pre-shared key
- Valid FortiAnalyzer credentials
How do you restrict an administrator’s access to a subset of your organization’s ADOMs?
- Set the ADOM mode to Advanced
- Assign the ADOMs to the administrator’s account
- Configure trusted hosts
- Assign the default Super_User administrator profile
Which daemon is responsible for enforcing the log file size?
- sqlplugind
- logfiled
- miglogd
- oftpd
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
- You can export only one playbook at a time.
- You can import a playbook even if there is another one with the same name in the destination.
- Playbooks can be exported and imported only within the same FortiAnalyzer.
- A playbook that was disabled when it was exported will be disabled when it is imported.
An administrator has configured the following settings:
    config system global
    set log-checksum md5-auth
    end
What is the significance of executing this command?
- This command records the log file MD5 hash value.
- This command records passwords in log files and encrypts them.
- This command encrypts log transfer between FortiAnalyzer and other devices.
- This command records the log file MD5 hash value and authentication code.
For which two purposes would you use the command set log-checksum? (Choose two.)
- To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
- To prevent log modification or tampering
- To encrypt log communications
- To send an identical set of logs to a second logging server
On FortiAnalyzer, what is a wildcard administrator account?
- An account that permits access to members of an LDAP group
- An account that allows guest access with read-only privileges
- An account that requires two-factor authentication
- An account that validates against any user account on a FortiAuthenticator
FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?
- To upload logs to an SFTP server
- To prevent log modification during backup
- To send an identical set of logs to a second logging server
- To encrypt log communication between devices
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
- In aggregation mode, you can forward logs to syslog and CEF servers as well.
- Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
- Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
- Both modes, forwarding and aggregation, support encryption of logs between devices.
What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server? (Choose two.)
- SFTP, FTP, or SCP server
- Mail server
- Output profile
- Report scheduling
Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy. What is the most likely problem?
- CPU resources are too high
- Logs in that ADOM are being forwarded, in real time, to another FortiAnalyzer device
- The total disk space is insufficient and you need to add another disk
- The ADOM disk quota is set too low, based on log rates
What can you do on FortiAnalyzer to restrict administrative access from specific locations?
- Configure trusted hosts for that administrator.
- Enable geo-location services on accessible interface.
- Configure two-factor authentication with a remote RADIUS server.
- Configure an ADOM for respective location.
What are analytics logs on FortiAnalyzer?
- Log type Traffic logs.
- Logs that roll over when the log file reaches a specific size
- Logs that are indexed and stored in the SQL.
- Raw logs that are compressed and saved to a log file.
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
- Use DNS
- Use host name resolution
- Use real-time forwarding
- Use an NTP server
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
- A local wildcard administrator account
- A remote LDAP server
- A trusted host profile that restricts access to the LDAP group
- An administrator group
Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?
- FROM
- LIMIT
- WHERE
- ORDER BY
An administrator, fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mail server that can be used to send email. What could be the problem?
- Fortinet is assigned the Standard_User administrator profile.
- A trusted host is configured.
- ADOM mode is configured with Advanced mode.
- Fortinet is assigned the Restricted_User administrator profile.
What is the purpose of a predefined template on the FortiAnalyzer?
- It can be edited and modified as required
- It specifies the report layout which contains predefined texts, charts, and macros
- It specifies report settings which contains time period, device selection, and schedule
- It contains predefined data to generate mock reports