nse5_faz_7.2_2024

Test title:
nse5_faz_7.2_2024

Description:
nse5_faz_2024

Creation date: 2024/04/02

Category: Other

Number of questions: 110

Rating: (2)
Question bank:

Which two statements about a FortiAnalyzer Fabric are true? (Choose two.). The supervisor can access the logs in the fabric members using an API. All fabric members must run in collector mode except the supervisor. Fabric members and the supervisor support HA. Fabric members must be in the same time zone as the supervisor.

Refer to the exhibit. What does the data point at 21:10 indicate?. FortiAnalyzer is indexing logs faster than logs are being received. The fortilogd daemon is ahead in indexing by one log. FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed. FortiAnalyzer is dropping logs to catch up.

Refer to the exhibit. The exhibit shows a partial view of the Compromised Hosts section in FortiView with the number of threats blurred out. Assuming that they are all included in the image, what is the number of threats?. 11. 16. 1. 3.

Which statement about the FortiSOAR management extension is correct?. It requires a dedicated FortiSOAR device or VM. It runs as a Docker container on FortiAnalyzer. It requires a FortiManager configured to manage FortiGate. It does not include a limited trial by default.

Refer to the exhibit. Which statement is correct regarding the event displayed?. An incident was created from this event. The security event risk is considered open. The risk source is isolated. The security risk was blocked or dropped.

Why run the command diagnose sql status sqlplugind?. To list the current SQL processes running. To view the current hcache size. To display the SQL query connections and hcache status. To check the database log insertion status.

Which statement describes archive logs on FortiAnalyzer?. Logs compressed and saved in files with the .gz extension. Logs that are indexed and stored in the SQL database. Logs a FortiAnalyzer administrator can access in FortiView. Logs previously collected from devices that are offline.

After generating a report, you notice the information you were expecting to see is not included in it. What are two possible reasons for this scenario? (Choose two.). You enabled auto-cache with extended log filtering. The logfiled service has not indexed all the expected logs. The logs were overwritten by the data retention policy. The time frame selected in the report is wrong.

Which log will generate an event with the status Unhandled?. An AV log with action=quarantine. A WebFilter log with action=dropped. An AppControl log with action=blocked. An IPS log with action=pass.

Refer to the exhibit. Which FortiAnalyzer tool can refer to the Cyber Kill Chain stages and allows you to identify which Fortinet products can protect you against new vulnerabilities?. FortiView Monitor top threats. Outbreak detection services. FortiSOC dashboards. Threat hunting SIEM table.

Which item must you configure on FortiAnalyzer to email generated reports automatically?. Report scheduling. SFTP server. SNMP server. Output profile.

What are two benefits of using fabric connectors? (Choose two.). Fabric connectors allow you to improve redundancy. They allow FortiAnalyzer to send logs in real time to public cloud accounts. You do not need an additional license to send logs to the cloud platform. Using fabric connectors is more efficient than using third-party polling with API.

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.). When running in collector mode, FortiAnalyzer can forward logs to a syslog server. You can create and edit reports when FortiAnalyzer is running in collector mode. FortiAnalyzer runs in collector mode by default unless it is configured for HA. A topology with FortiAnalyzer devices running in both modes can improve their performance.

Which log will generate an event with the status Contained?. An IPS log with action=pass. A WebFilter log with action=dropped. An AV log with action=quarantine. An AppControl log with action=blocked.

What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.). When new logs are received, the hcache data is updated automatically. The generation time for reports is decreased. FortiAnalyzer local cache is used to store generated reports. The size of newly generated reports is optimized to conserve disk space.

Which statement about the FortiSIEM management extension is correct?. Its use of the available disk space is capped at 50%. It can be installed as a dedicated VM. It requires a licensed FortiSIEM supervisor. Allows you to manage the entire life cycle of a threat or breach.

What does the data point at 12:20 indicate?. The performance of Fortianalyzer is below the baseline. Fortianalyzer is using its cache to avoid dropping logs. The sqlplugind service is caught up with new logs. The log insert lag time is increasing.

A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks complete successfully, but one task fails. What will be the status of the playbook after it is run?. Upstream_failed. Success. Running. Failed.

Which statement about sending notifications with incident updates is true?. Each incident can send notifications to a single external platform. Each connector used can have different notification settings. Notifications can be sent only when an incident is created or deleted. You must configure an output profile to send notifications by email.

What is the purpose of using prefilters when configuring event handlers?. They are common filters applied simultaneously to all event handlers. They can filter the logs before they are processed by Fortianalyzer. They limit which logs are checked for matches by the other filters. They download new filters to be used in event handlers.

What happens when the IOC breach detection engine of FortiAnalyzer finds web logs that match a blocklisted IP address?. The detection engine classifies those logs as Suspicious. FortiAnalyzer flags the associated host for further analysis. A new infected entry is added for the corresponding endpoint. The endpoint is marked as Compromised and, optionally, can be put in quarantine.

Refer to the exhibit. Which statement is correct regarding the event displayed?. An incident was created from this event. The security risk was blocked or dropped. The risk source is isolated. The security event risk is considered open.

How can you attach a report to an incident?. Saving it in JSON format, and then importing it. By attaching it to an event handler alert. By editing the settings of the desired report. From the properties of an existing incident.

What does the disk status Degraded mean for RAID management?. One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system. The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal status. The hard drive is no longer being used by the RAID controller. The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.

Refer to the exhibit. Which image corresponds to the packet capture shown in the exhibit?. A. B. C. D.

Which two methods can you use to send event notifications when an event occurs that matches a configured event handler?(Choose two). Send Alert through Fabric Connectors. Send SNMP trap. Send SMS notifications. Send Alert through IM.

What is the purpose of using prefilters when configuring event handlers?. They can filter the logs before they are processed by FortiAnalyzer. They can limit which logs are checked for matches by the other filters. They download new filters to be used in event handlers. They are common filters applied simultaneously to all event handlers.

Refer to the exhibit. The image displays the configuration of a FortiAnalyzer that the administrator wants to join to an existing HA cluster. What can you conclude from the configuration displayed?. This FortiAnalyzer is configured to receive logs on its port1. This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds. This FortiAnalyzer will join the existing HA cluster as the primary. After joining the cluster, this FortiAnalyzer will keep an updated log database.

Why do you need to wait for several minutes before you run a playbook that you just created?. FortiAnalyzer needs that time to parse the new playbook. FortiAnalyzer needs that time to back up the current playbooks. FortiAnalyzer needs that time to ensure there are no other playbooks running. FortiAnalyzer needs that time to debug the new playbook.

Refer to the exhibit. The image shows the details of a playbook after it finished running. What is the status of the playbook?. Upstream_failed. Running. Success. Failed.

You are looking for a playbook that was exported by a junior administrator. You perform a search and find the files listed below. Which file would you choose to perform an import operation?. Exported_playbook.sql. Exported_playbook.csv. Exported_playbook.txt. Exported_playbook.json.

Refer to the exhibit. Based on the partial outputs displayed above, which devices are ready to be configured as peers in an HA cluster?. FortiAnalyzer1 and FortiAnalyzer3. FortiAnalyzer2 and FortiAnalyzer3. FortiAnalyzer1 and FortiAnalyzer2. These devices cannot participate in the same cluster.

What is the purpose of trigger variables?. To display statistics about the playbook runtime. To use information from the trigger to filter the action in a task. To provide the trigger information to make the playbook start running. To store the start times of playbooks with On_Schedule triggers.

Which statement correctly describes the management extensions available on FortiAnalyzer?. Management extensions do not require additional licenses. Management extensions may require a minimum number of CPU cores to run. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor. Management extensions require a dedicated VM for best performance.

What are offline logs on FortiAnalyzer?. Logs that are collected from offline devices after they boot up. Compressed logs, also known as archive logs, are considered to be offline logs. Logs that are indexed and stored in the SQL database. When you restart FortiAnalyzer, all stored logs are considered to be offline logs.

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?. FortiView Monitor. Threat hunting. Incidents dashboards. Outbreak alert services.

Refer to the exhibit. Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin" and coming from Laptop1. Which filter will achieve the desired result?. operation=login & performed_on=="GUI(10.1.1.100)" & user!=admin. operation=login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin. operation=login & dstip==10.1.1.210 & user!=admin. operation=login & performed_on=="GUI(10.1.1.210)" & user!=admin.
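A generic text filter is a set of per-field clauses joined with &, and the four candidate filters differ only in which fields they test and with which operator. To make that difference concrete, the following Python example is added here (it is not FortiAnalyzer code and not part of the original question bank): a small AND-only evaluator with the same three operators, run over a constructed set of event-log records. The operator semantics are an assumption made for this illustration, == exact match, != exact mismatch, and a lone = substring match; FortiAnalyzer's own engine may treat = differently. The addresses and user names in the sample records are placeholders, not the exhibit's values.

```python
import re
from typing import Callable

# Constructed sample of event-log records (placeholders, not captured data).
# Field names follow the ones used in the candidate filters.
SAMPLE_EVENTS = [
    {"operation": "login",  "performed_on": "GUI(10.1.1.100)", "user": "admin", "dstip": "10.1.1.210"},
    {"operation": "login",  "performed_on": "GUI(10.1.1.100)", "user": "bob",   "dstip": "10.1.1.210"},
    {"operation": "login",  "performed_on": "GUI(10.1.1.50)",  "user": "alice", "dstip": "10.1.1.210"},
    {"operation": "login",  "performed_on": "CLI(10.1.1.100)", "user": "carol", "dstip": "10.1.1.210"},
    {"operation": "logout", "performed_on": "GUI(10.1.1.100)", "user": "bob",   "dstip": "10.1.1.210"},
]

# One clause: field OP value; longest operators are listed first so "==" is not read as "=".
# The value may be double-quoted, single-quoted, or a bare token.
CLAUSE = re.compile(r'^\s*(\w+)\s*(==|!=|=)\s*(".*?"|\'.*?\'|\S+)\s*$')


def _parse_clause(text: str) -> Callable[[dict], bool]:
    """Compile a single clause into a predicate over one record (semantics are assumed)."""
    m = CLAUSE.match(text)
    if not m:
        raise ValueError(f"cannot parse clause: {text!r}")
    field, op, raw = m.groups()
    value = raw.strip("\"'")
    if op == "==":                       # exact match
        return lambda rec: rec.get(field) == value
    if op == "!=":                       # exact mismatch; a missing field also counts as "not equal"
        return lambda rec: rec.get(field) != value
    return lambda rec: value in str(rec.get(field, ""))   # lone "=" treated as substring match


def compile_filter(expr: str) -> Callable[[dict], bool]:
    """Turn 'a==x & b!=y' into a predicate; clauses are joined with & (AND only)."""
    clauses = [_parse_clause(c) for c in expr.split("&")]
    return lambda rec: all(c(rec) for c in clauses)


def apply_filter(expr: str, events: list[dict]) -> list[dict]:
    """Return the records that satisfy every clause of the filter."""
    pred = compile_filter(expr)
    return [e for e in events if pred(e)]


if __name__ == "__main__":
    for expr in (
        'operation=login & performed_on=="GUI(10.1.1.100)" & user!=admin',
        'operation=login & dstip==10.1.1.210 & user!=admin',
        'operation=login & performed_on=="GUI(10.1.1.100)" & user==admin',
    ):
        users = [e["user"] for e in apply_filter(expr, SAMPLE_EVENTS)]
        print(f"{expr}\n  -> {users}")
```

Note the second filter: testing only dstip says nothing about where the login came from, so it also admits logins from other hosts, and user==admin in the third filter selects exactly the account the question wants excluded. The performed_on clause is what ties the match to a specific source host and interface (GUI versus CLI).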

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.). FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector. FortiAnalyzer HA implementation is supported by all cloud providers.

After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command? execute sql-local rebuild-adom <new-ADOM-name>. To reset the disk quota enforcement to default. To remove the analytics logs of the device from the old database. To migrate the archive logs to the new ADOM. To populate the new ADOM with analytical logs for the moved device, so you can run reports.

What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?. Hot swap the disk. There is no need to do anything because the disk will self-recover. Shut down FortiAnalyzer and replace the disk. Run execute format disk to format and restart the FortiAnalyzer device.

Which statement is true regarding Macros on FortiAnalyzer?. Macros are predefined templates for reports and cannot be customized. Macros are useful in generating Excel log files automatically based on the report settings. Macros are supported only on the FortiGate ADOM. Macros are ADOM specific and each ADOM has unique macros relevant to that ADOM.

A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer. What can you do on FortiAnalyzer to accomplish this?. Click Task Monitor and view the tasks performed by that administrator. Click Fabric View and view the tasks performed by the rogue administrator. Click Log View and generate a report for that administrator. Click FortiView and generate a report for that administrator.

What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?. A pre-shared key. The FortiGate serial number. A FortiGate ADOM. Valid FortiAnalyzer credentials.

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.). Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer. Make sure all endpoints are reachable by FortiAnalyzer. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

When working with FortiAnalyzer reports, what is the purpose of a dataset?. To set the data included in templates. To retrieve data from the database. To provide the layout used for reports. To define the chart type to be used.

Refer to the exhibit. Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.). Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets. This feature is automatically enabled for scheduled reports. Reports will be cached in the memory. Report size will be optimized to conserve disk space on FortiAnalyzer.

If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?. The firmware version is checked first. The active port number is checked first. The configured IP address is checked first. The configured priority is checked first.

For which two purposes would you use the command set log-checksum? (Choose two.). To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server. To prevent log modification or tampering. To encrypt log communications. To send an identical set of logs to a second logging server.

In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered search results. Similarly, which feature can you use for FortiView?. Export to Custom Chart. Export to PDF. Export to Chart Builder. Export to Report Chart.

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.). By deploying different FortiAnalyzer devices in both modes, you can improve their overall performance. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format. When in collector mode, FortiAnalyzer supports event management and reporting features. Collector mode is the default operating mode.

Which statement is true about sending notifications with incident updates?. You can send notifications to multiple external platforms. If you use multiple fabric connectors, all connectors must have the same notification settings. Notifications can be sent only by email. Notifications can be sent only when an incident is updated or deleted.

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.). Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.). Principal. Identity provider. Identity collector. Service provider.

An administrator, fortinet, is able to view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mail server that can be used to send alert emails. What can be the problem?. fortinet is assigned the Standard_User administrative profile. A trusted host is configured. ADOM mode is configured with Advanced mode. fortinet is assigned the Restricted_User administrative profile.

Which two statements are correct regarding the export and import of playbooks? (Choose two.). Playbooks can be exported and imported only within the same FortiAnalyzer. You can export only one playbook at a time. A playbook that was disabled when it was exported will be disabled when it is imported. You can import a playbook even if there is another one with the same name in the destination.

Which SQL query is in the correct order to query the database in the FortiAnalyzer?. SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid. FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid. SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid. SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'.

What is the purpose of output variables?. To display details of the connectors used by a playbook. To store playbook execution statistics. To save all the task settings when a playbook is exported. To use the output of the previous task as the input of the current task.

Which statement is true when you are upgrading the firmware on an HA cluster made up of two FortiAnalyzer devices?. You can perform the firmware upgrade using only a console connection. First, upgrade the secondary device, and then upgrade the primary device. You can enable uninterruptible-upgrade so that the normal FortiAnalyzer operations are not interrupted while the cluster firmware upgrades. Both FortiAnalyzer devices will be upgraded at the same time.

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.). Both modes, forwarding and aggregation, support encryption of logs between devices. In aggregation mode, you can forward logs to syslog and CEF servers as well. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Which two statements are true regarding ADOM modes? (Choose two.). You can change ADOM modes only through the CLI. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible. In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs. Normal mode is the default ADOM mode.

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.). Report information. Database snapshot. System information. Logs from registered devices.

Which daemon is responsible for enforcing the log file size?. logfiled. oftpd. sqlplugind. miglogd.

Refer to the exhibits. How many events will be added to the incident created after running this playbook?. No events will be added. Ten events will be added. Five events will be added. Thirteen events will be added.

You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?. FortiAnalyzer Event Handler. Incoming webhook. FortiOS Event Log. Fabric Connector event.

Refer to the exhibit. What is the purpose of using the Chart Builder feature on FortiAnalyzer?. To add a new chart under FortiView to be used in new reports. To build a dataset and chart automatically, based on the filtered search results. To add charts directly to generate reports in the current ADOM. To build a chart automatically based on the top 100 log entries.

An administrator has configured the following settings: config system global set log-checksum md5-auth end What is the significance of executing this command?. This command records the log file MD5 hash value. This command records passwords in log files and encrypts them. This command encrypts log transfer between FortiAnalyzer and other devices. This command records the log file MD5 hash value and authentication code.
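The md5 and md5-auth values of log-checksum, like the earlier question on set log-checksum, are about integrity of the rolled-over log file, not about encrypting it or the transfer. The following Python example is added here for illustration and is not Fortinet code; it does not reproduce FortiAnalyzer's file format or key handling. It seals a constructed event-log file with a plain MD5 digest and with a keyed authentication code (HMAC-SHA256 under a hypothetical key), then shows that an attacker who rewrites the file can recompute the unkeyed digest but not the keyed one, and that the log bytes stay readable throughout.

```python
import hashlib
import hmac

# Constructed log file content (plausible-looking event-log lines, not real data).
LOG_FILE = (
    b'date=2024-04-02 time=10:01:02 user=admin operation=login performed_on="GUI(10.1.1.100)"\n'
    b'date=2024-04-02 time=10:05:17 user=bob operation=login performed_on="GUI(10.1.1.100)"\n'
    b'date=2024-04-02 time=10:06:40 user=bob operation="Edit device" device=FGT1\n'
)

# Hypothetical secret for the authentication code; how FortiAnalyzer derives or stores
# its own key is not modelled here.
AUTH_KEY = b"example-auth-key-do-not-reuse"


def md5_checksum(data: bytes) -> str:
    """Unkeyed digest: catches accidental corruption, but anyone can recompute it after editing."""
    return hashlib.md5(data).hexdigest()


def auth_code(data: bytes, key: bytes) -> str:
    """Keyed code (HMAC-SHA256): only a holder of the key can produce a matching value."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(data: bytes, key: bytes) -> dict:
    """Record both values for a finished log file, as a checksum-with-auth setting would."""
    return {"md5": md5_checksum(data), "auth": auth_code(data, key)}


def verify(data: bytes, record: dict, key: bytes) -> tuple[bool, bool]:
    """Return (md5_ok, auth_ok); constant-time comparison avoids leaking where they differ."""
    md5_ok = hmac.compare_digest(md5_checksum(data), record["md5"])
    auth_ok = hmac.compare_digest(auth_code(data, key), record["auth"])
    return md5_ok, auth_ok


def tamper_and_recompute_md5(data: bytes, record: dict) -> tuple[bytes, dict]:
    """Attacker model: rewrite a line and refresh the unkeyed MD5 to hide the change.
    The authentication code cannot be refreshed without the key, so it is left as is."""
    edited = data.replace(b"user=bob operation=login", b"user=mallory operation=login")
    return edited, {"md5": md5_checksum(edited), "auth": record["auth"]}


if __name__ == "__main__":
    record = seal(LOG_FILE, AUTH_KEY)
    print("original  :", verify(LOG_FILE, record, AUTH_KEY))
    edited, forged = tamper_and_recompute_md5(LOG_FILE, record)
    print("tampered  :", verify(edited, forged, AUTH_KEY))
    print("plaintext :", b"user=bob" in LOG_FILE)   # a checksum does not hide the content
```

Verification belongs wherever the rolled-over file is consumed, for instance after it has been uploaded to an SFTP server. The point the example makes is that only the keyed value detects deliberate tampering, and that neither value replaces transport encryption: the file is as readable after sealing as before.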

Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.). License type. Disk size. Total quota. RAID level.

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.). Mail server. Output profile. SFTP server. Report scheduling.

What is the purpose of a predefined template on the FortiAnalyzer?. It can be edited and modified as required. It specifies the report layout which contains predefined texts, charts, and macros. It specifies report settings which contains time period, device selection, and schedule. It contains predefined data to generate mock reports.

What is the purpose of predefined report templates on FortiAnalyzer?. They can be customized to meet your needs. They can be created by saving reports as templates. They specify the layout used in reports. They include the data used in report charts.

Which two statements are true regarding fabric connectors? (Choose two.). Configuring fabric connectors to send notifications to an ITSM platform upon incident creation is more efficient than a third party polling the FortiAnalyzer API. Fabric connectors allow you to save storage costs and improve redundancy. The storage connector service does not require a separate license to send logs to a cloud platform. Cloud-Out connections allow you to send real-time logs to public cloud accounts like Amazon S3, Azure Blob, and Google Cloud.

Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.). Virtual domains. Administrative access profiles. Trusted hosts. Security Fabric.

Refer to the exhibit. The exhibit shows "remoteservergroup" is an authentication server group with LDAP and RADIUS servers. Which two statements express the significance of enabling "Match all users on remote server" when configuring a new administrator? (Choose two.). It creates a wildcard administrator using LDAP and RADIUS servers. Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP and RADIUS servers. User remoteadmin from the LDAP and RADIUS servers will be able to log in to FortiAnalyzer at any time. It allows administrators to use two-factor authentication.

An administrator has moved FortiGate A from the root ADOM to ADOM1. Which two statements are true regarding logs? (Choose two.). Analytics logs will be moved to ADOM1 from the root ADOM automatically. Archived logs will be moved to ADOM1 from the root ADOM automatically. Logs will be presented in both ADOMs immediately after the move. Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Which statement is true about using aggregation mode on FortiAnalyzer?. Aggregation mode supports log filters. In aggregation mode, logs and content files are forwarded in real time. Aggregation mode can be configured only on the CLI. Aggregation mode can work with syslog servers.

What does the disk status Degraded mean for RAID management?. One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system. The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant. The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state. The hard drive is no longer being used by the RAID controller.

What can you do on FortiAnalyzer to restrict administrative access from specific locations?. Configure trusted hosts for that administrator. Enable geo-location services on accessible interface. Configure two-factor authentication with a remote RADIUS server. Configure an ADOM for respective location.

Which two statements are true regarding the outbreak detection service? (Choose two.). New alerts are received by email. Outbreak alerts are available on the root ADOM only. An additional license is required. It automatically downloads new event handlers and reports.

Which two statements are correct regarding the export and import of playbooks? (Choose two.). You can import a playbook even if there is another one with the same name in the destination. Playbooks can be exported and imported only within the same FortiAnalyzer device. You can export only one playbook at a time. A playbook that was disabled when it was exported will be disabled when it is imported.

Which statement about the FortiSIEM management extension is correct?. Allows you to manage the entire life cycle of a threat or breach. Its use of the available disk space is capped at 50%. It requires a licensed FortiSIEM supervisor. It can be installed as a dedicated VM.

Which two statements express the advantages of grouping similar reports? (Choose two.). Improve report completion time. Conserve disk space on FortiAnalyzer by grouping multiple similar reports. Reduce the number of hcache tables and improve auto-hcache completion time. Provides a better summary of reports.

What are analytics logs on FortiAnalyzer?. Log type Traffic logs. Logs that roll over when the log file reaches a specific size. Logs that are indexed and stored in the SQL database. Raw logs that are compressed and saved to a log file.

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.). A local wildcard administrator account. A remote LDAP server. A trusted host profile that restricts access to the LDAP group. An administrator group.

An administrator has configured the following settings: config system fortiview settings set resolve-ip enable end What is the significance of executing this command?. Use this command only if the source IP addresses are not resolved on FortiGate. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Which statement about the FortiSOAR management extension is correct?. It requires a FortiManager configured to manage FortiGate. It requires a dedicated FortiSOAR device or VM. It does not include a limited trial by default. It runs as a docker container on FortiAnalyzer.

On the RAID management page, the disk status is listed as Initializing. What does the status Initializing indicate about what the FortiAnalyzer is currently doing?. FortiAnalyzer is ensuring that the parity data of a redundant drive is valid. FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state. FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant. FortiAnalyzer is functioning normally.

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?. To properly correlate logs. To use real-time forwarding. To resolve host names. To improve DNS response times.

You need to upgrade your FortiAnalyzer firmware. What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?. FortiAnalyzer uses log fetching to retrieve the logs when back online. FortiGate uses the miglogd process to cache the logs. The logfiled process stores logs in offline mode. Logs are dropped.

Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe, from another FortiAnalyzer device?. Log fetching. Indicators of compromise. Log forwarding in aggregation mode. Log upload.

If you upgrade the FortiAnalyzer firmware, which report element can be affected?. Custom datasets. Report scheduling. Report settings. Output profiles.

When you perform a system backup, what does the backup configuration contain? (Choose two.). Generated reports. Device list. Authorized devices logs. System information.

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?. FROM. LIMIT. WHERE. ORDER BY.

What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?. The log file is stored as a raw log and is available for analytic support. The log file rolls over and is archived. The log file is purged from the database. The log file is overwritten.

Which two statements about log forwarding are true? (Choose two.). Forwarded logs cannot be filtered to match specific criteria. Logs are forwarded in real-time only. The client retains a local copy of the logs after forwarding. You can use aggregation mode only with another FortiAnalyzer.

What is the main purpose of deploying RAID with FortiAnalyzer?. To provide redundancy of your log data. To store data in chunks across multiple drives. To make an identical copy of log data on two separate physical drives. To back up your logs.

Refer to the exhibit. Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?. FortiAnalyzer1 and FortiAnalyzer3. FortiAnalyzer1 and FortiAnalyzer2. All devices listed can be members. FortiAnalyzer2 and FortiAnalyzer3.

Which two external servers can you configure to validate administrator logins?(Choose two.). RADIUS. Only locally by FortiAnalyzer. Syslog. LDAP.

The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device. What can be the reason for this failure?. FortiAnalyzer is in an HA cluster. ADOM mode should be set to advanced, in order to register the FortiClient EMS device. ADOMs are not enabled on FortiAnalyzer. A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.

What must you consider when using log fetching? (Choose two.). The fetch client can retrieve logs from devices that are not added to its local Device Manager. You can use filters to include only logs from a single device. The fetching profile must include a user with the Super_User profile. The archive logs retrieved from the server become archive logs in the client.

What should you always do after erasing the FortiAnalyzer configuration on flash?. Run the execute reboot command. Run the execute reset all-settings command. Run the execute format disk command. Perform a system backup.

Why run the command diagnose sql status sqlplugind?. To list the current SQL processes running. To check the database log insertion status. To display the SQL query connections and hcache status. To view the current hcache size.

When you move a FortiGate device from one ADOM to a new ADOM, what is the purpose of rebuilding the new ADOM database?. To migrate the archive logs to the new ADOM. To run reports on the device's analytics logs in the new ADOM. To remove the device's analytics logs from the old ADOM. To reset the disk quota enforcement to default.

Which database language does FortiAnalyzer support for the purposes of logging and reporting?. SQL. LDAP. XML. SSH.

What is another name for FortiAnalyzer archive logs?. Aggregated logs. Compressed logs. Rolled-over logs. Backed-up logs.
