FortiAnalyzer 6.4 Analyst

Which two items are downloaded automatically by the Outbreak Detection Service? (Choose two.). Customized playbooks. Incident templates. Event handlers. Report templates.

What are the possible IOC verdicts that the FortiAnalyzer can assign? (Choose two.). Malicious. Clean. Suspicious. Infected.

Which database language does FortiAnalyzer support for the purposes of logging and reporting?. XML. SQL. SSH. LDAP.

An administrator has been tasked with reviewing logs on FortiAnalyzer to see if a FortiGate has signs of high memory usage. Which logs should the administrator review?. Security logs. Incident logs. Event logs. Traffic logs.

What are the two elements that comprise a chart? (Choose two.). Reports. Datasets. Templates. Format.

Which two connectors on the FortiAnalyzer are set up by default? (Choose two.). VirusTotal connector. EMS connector. FortiOS connector. FortiGuard connector. Local connector.

Which statement accurately describes FortiView on FortiAnalyzer?. It requires you to configure a custom view. It displays data from archive logs and analytics logs. It offers multiple dashboards for data analysis. It cannot be disabled.

What is the purpose of output variables?. To display details of the connectors used by a playbook. To use the output of the previous task as the input of the current task. To initialize the connected trigger, either in sequence or in parallel. To use information from the trigger to filter the action in the task.

What must be configured to send notifications about incident updates?. Output profile. Back-end email server. Fabric connector. A playbook using an Incident_Trigger.

What are the two components that a playbook must have? (Choose two.). End loop. Condition. Trigger. Task.

When generating reports on FortiAnalyzer, macros can be used to include additional data. Which two statements about macros are true? (Choose two.). Macros are supported on FortiGate ADOMs only. Macros are abbreviated dataset queries. Macros cannot be customized. Macros do not need to be associated with a chart.

What is a common filter that can be applied before every rule configured in an event handler?. Log subtype. Aggregation threshold. Notification. Data selector.

Which FortiAnalyzer licensed service offers a suite of features such as third-pary log parsers, advanced correlation rules, automation connectors,incident response playbooks, and premium reports?. SOC automation service. Outbreak detection. FortiView. FortiAnalyzer fabric.

What are the two modes to filter search results? (Choose two.). Cache mode. Filter mode. Quick mode. Text mode.

It is a best practice to upload FortiAnalyzer local logs to a remote server. Which two remote servers are supported for the upload? (Choose two.). FTP. TFTP. UDP. SFTP.

Refer to the exhibit. What does the dataset in the exhibit extract?. Top malware by count. Top threats. Threat attacks by severity. Security applications by bandwidth.