
Pepe_FAZ-AN

Test Title:
Pepe_FAZ-AN

Description:
FAZ-AN-7.4 test

Creation Date: 2025/11/20

Category: Computing

Number of Questions: 10

Syllabus:

Refer to the exhibit. What can you conclude about the output?
- The output is not ADOM specific.
- There are more event logs than traffic logs.
- The low indexing values require investigation.
- The log rate being higher than the message rate is not normal.

Which two statements about exporting and importing playbooks are true? (Choose two.)
- You can export only one playbook at a time.
- A playbook that was disabled when it was exported will be disabled when it is imported.
- You can import a playbook even if there is another one with the same name in the destination.
- Playbooks can be imported to a different FortiAnalyzer device, but only if the connectors already exist.

When managing incidents on FortiAnalyzer, what must an analyst be aware of?
- The status of the incident is always linked to the status of the attached event.
- Incidents must be acknowledged before they can be analyzed.
- Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour.
- You can manually attach generated reports to incidents.

You are trying to configure a task in the playbook editor to run a report. However, when you try to select the desired playbook, you do not see it listed. What is the reason?
- The report has no results and must be reconfigured.
- You must create a trigger to run the report first.
- The playbook is currently running and will be available after it is finished.
- The report does not have auto-cache and extended log filtering enabled.

Refer to the exhibit. Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1. Which filter will achieve the desired result?
- operation-login & dstip==10.1.1.210 & user!-admin
- operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
- operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin
- operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

Refer to the exhibits. Assume these are all the events that exist on the FortiAnalyzer device. How many events will be added to the incident created after running this playbook?
- No events will be added.
- Eleven events will be added.
- Four events will be added.
- Seven events will be added.

Which SQL query is in the correct order to query the database in the FortiAnalyzer?
- SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid
- SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid
- SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'
- SELECT FROM $log WHERE devid 'user'='USER1' GROUP BY devid

What is the purpose of playbook trigger variables?
- To display statistics about the playbook runtime.
- To provide the trigger information to make the playbook start running.
- To use information from the trigger to filter the action in a task.
- To store the start times of playbooks with On_Schedule triggers.

Refer to the exhibit. What can you conclude about these search results? (Choose two.)
- They were searched by using text mode.
- They can be downloaded to a file.
- They are sortable by columns and customizable.
- They are not available for analysis in FortiView.

What is the purpose of running the command diagnose sql status sqlplugind?
- To list the current SQL processes running.
- To view the current hcache size.
- To identify the database log insertion status.
- To display the SQL query connections and hcache status.
