FortiPlop

Which log will generate an event with the status Unhandled?. An AV log with action=quarantine. An IPS log with action=pass. A WebFilter log will action=dropped. An AppControl log with action=blocked.

Which statement about the event displayed is correct?. The risk source is isolated. The security risk was blocked or dropped. The security event risk is considered open. An incident was created from this event.

Which statement describes archive logs on FortiAnalyzer?. Logs that are indexed and stored in the SQL database. Logs a FortiAnalyzer administrator can access in FortiView. Logs compressed and saved in files with the .gz extension. Logs previously collected from devices that are offline.

Which statement about sending notifications with incident update is true?. You can send notifications to multiple external platforms. Notifications can be sent only by email. If you use multiple fabric connectors, all connectors must have the same settings. Notifications can be sent only when an incident is updated or deleted.

Which statement about the FortiSOAR management extension is correct?. It requires a FortiManager configured to manage FortiGate. It runs as a docker container on FortiAnalyzer. It requires a dedicated FortiSOAR device or VM. It does not include a limited trial by default.

Based on the partial outputs displayed, which devices can be members of a FotiAnalyzer Fabric?. FortiAnalayzer1 and FortiAnalyzer3. FortiAnalyzer1 and FortiAnalyzer2. FortiAnalyzer2 and FortiAnalyzer3. All devices listed can be members.

Which two actions should an administrator take to vide Compromised Hosts on FortiAnalyzer? (Choose two.). Enable device detection on the FotiGate device that are sending logs to FortiAnalyzer. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to fortiAnalyzer. Make sure all endpoints are reachable by FortiAnalyzer. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stich are available in the FortiOS connector?. FortiAnalyzer Event Handler. Fabric Connector event. FortiOS Event Log. Incoming webhook.

When managing incidents on FortiAnlyzer, what must an analyst be aware of?. You can manually attach generated reports to incidents. The status of the incident is always linked to the status of the attach event. Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour. Incidents must be acknowledged before they can be analyzed.

Which SQL query is in the correct order to query to database in the FortiAnalyzer?. SELECT devid FROM $log GROUP BY devid WHERE ˜user,, users1. SELECT FROM $log WHERE devid ˜user,, USER1 GROUP BY devid. SELCT devid WHERE user-˜ USER1 FROM $log GROUP By devid. SELECT devid FROM $log WHERE ˜user= GROUP BY devid.