Test title:
rckcn250706-1

Description:
test of rckcn250706-1

Creation date: 2025/07/07

Category: Personal

Number of questions: 35

Rating: (0)
Content:

Which two methods are valid for adding a FortiGate device to FortiAnalyzer? (Select two.)
- Enable the Accept All Devices option on FortiAnalyzer.
- Add the information about FortiGate to FortiAnalyzer using the Device Manager.
- Connect FortiGate to the FortiAnalyzer heartbeat port and enable auto discovery.
- On FortiGate, configure remote logging to FortiAnalyzer.

As a best practice, FortiAnalyzer local logs should be uploaded to a remote server. Which two of the following remote servers are supported for this upload? (Select two.)
- FTP.
- SFTP.
- UDP.
- TFTP.

Which of the following statements are correct about securing communications between FortiAnalyzer and FortiGate using SSL? (Select two.)
- SSL is the default setting.
- SSL communications are auto-negotiated between the two devices.
- SSL can send logs in real-time only.
- SSL encryption levels are globally set on FortiAnalyzer.

What are the two available administrative access options on FortiAnalyzer? (Select two.)
- DNS.
- Telnet.
- SSH.
- HTTP.

What is covered by the allocated disk quota for each ADOM on FortiAnalyzer?
- Archive logs and Analytics logs.
- Raw logs and Archive files.
- Raw logs and Analytics logs.
- SQL tables and Analytics logs.

Which statement regarding reports is accurate?
- They can be generated on demand or by schedule.
- They can only be viewed locally on FortiAnalyzer.
- They require an output profile before they can be generated.
- They require a password before they can be generated.

Which statement accurately explains FortiAnalyzer when operating in collector mode?
- This FortiAnalyzer device can aggregate logs received from other FortiAnalyzer devices.
- This FortiAnalyzer device can forward logs to a supervisor.
- This FortiAnalyzer device can act as a central hub for multiple FortiAnalyzer devices.
- This FortiAnalyzer device can collect logs from other devices, but will not provide analysis.

A colleague has reported that previously visible log entries are now missing from FortiView. You've confirmed that FortiView is configured to display logs from the correct time period and is using the appropriate filters. You've also verified that the FortiAnalyzer device has sufficient available disk space. What are two additional settings you can check to further troubleshoot the issue? (Select two.)
- Check if the analytics logs retention data policy is too short.
- Check if the archive log file has been rolled over.
- Check if the total disk quota has been exceeded.
- Check if the logs are quarantined for review.

What is the purpose of rebuilding the new ADOM database when you move a FortiGate device from one ADOM to another?
- To migrate the archive logs to the new ADOM.
- To reset the disk quota enforcement to default.
- To run reports on the device's analytics logs in the new ADOM.
- To remove the device's analytics logs from the old ADOM.

What are two possible benefits of implementing RAID on FortiAnalyzer? (Select two.)
- It provides redundancy.
- It improves performance.
- It provides backups.
- It reduces system resource usage.

Which database language is supported by FortiAnalyzer for logging and reporting?
- SQL.
- LDAP.
- XML.
- SSH.

Which two statements about exporting and importing playbooks are accurate? (Select two.)
- You can import a playbook even if there is another one with the same name in the destination.
- Playbooks can be exported and imported only within the same FortiAnalyzer device.
- You can export only one playbook at a time.
- A playbook that was disabled when it was exported will be disabled when it is imported.

A playbook consists of five tasks. When an administrator runs the playbook, four tasks complete successfully, but one task fails. What will the playbook's status be after it finishes running?
- Running.
- Failed.
- Upstream_failed.
- Success.

Which statement accurately describes the FortiSIEM management extension?
- Allows you to manage the entire life cycle of a threat or breach.
- Its use of the available disk space is capped at 50%.
- It requires a licensed FortiSIEM supervisor.
- It can be installed as a dedicated VM.

Which two statements about the outbreak detection service are accurate? (Select two.)
- New alerts are received by email.
- Outbreak alerts are available on the root ADOM only.
- An additional license is required.
- It automatically downloads new event handlers and reports.

What factors should you take into account when using log fetching? (Select two.)
- The fetch client can retrieve logs from devices that are not added to its local Device Manager.
- You can use filters to include only logs from a single device.
- The fetching profile must include a user with the Super_User profile.
- The archive logs retrieved from the server become archive logs in the client.

Which statement defines a dataset in FortiAnalyzer?
- They determine what data is retrieved from the database.
- They provide the layout used for reports.
- They are used to set the data included in templates.
- They define the chart types to be used in reports.

Refer to the exhibits. How many events will be included in the incident created after executing this playbook?
- Thirteen events will be added.
- Five events will be added.
- No events will be added.
- Ten events will be added.

Refer to the exhibit. What does the data point at 12:20 indicate?
- The performance of FortiAnalyzer is below the baseline.
- FortiAnalyzer is using its cache to avoid dropping logs.
- The log insert lag time is increasing.
- The sqlplugind service is caught up with new logs.

Which SQL query is correctly structured to query the database in FortiAnalyzer?
- SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'
- SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid
- SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid
- FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid

What is the purpose of using prefilters when setting up event handlers?
- They limit which logs are checked for matches by the other filters.
- They can filter the logs before they are processed by FortiAnalyzer.
- They download new filters to be used in event handlers.
- They are common filters applied simultaneously to all event handlers.

For what purpose does FortiAnalyzer use the Optimized Fabric Transfer Protocol (OFTP) over SSL?
- To upload logs to an SFTP server.
- To prevent log modification during backup.
- To send an identical set of logs to a second logging server.
- To encrypt log communication between devices.

What settings must you configure on FortiAnalyzer to upload a report to a supported external server? (Select two.)
- SFTP, FTP, or SCP server.
- Mail server.
- Output profile.
- Report scheduling.

What must you configure on FortiAnalyzer to automatically email generated reports?
- Output profile.
- Report scheduling.
- SFTP server.
- SNMP server.

What are two reasons for using the set log checksum command? (Select two.)
- To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server.
- To prevent log modification or tampering.
- To encrypt log communications.
- To send an identical set of logs to a second logging server.

Which type of log does the FortiAnalyzer Indicators of Compromise (IOC) feature utilize to detect infected hosts?
- Antivirus logs.
- Web filter logs.
- IPS logs.
- Application control logs.

Refer to the exhibit. Laptop1 is shared by multiple administrators for managing FortiAnalyzer. You need to set up a generic text filter that captures all login attempts to the web interface made by any user except "admin" and originating from Laptop1. Which filter will accomplish this?
- operation==login & performed_on=="GUI(10.1.1.100)" & user!=admin
- operation==login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
- operation==login & dstip==10.1.1.210 & user!=admin
- operation==login & performed_on=="GUI(10.1.1.210)" & user!=admin

How can you set up FortiAnalyzer to allow administrator logins only from certain locations?
- Use static routes.
- Use administrative profiles.
- Use trusted hosts.
- Use secure protocols.

What is the correct statement regarding firmware upgrades on an HA cluster consisting of two FortiAnalyzer devices?
- First, upgrade the secondary device, and then upgrade the primary device.
- Both FortiAnalyzer devices will be upgraded at the same time.
- You can enable uninterruptible-upgrade so that the normal FortiAnalyzer operations are not interrupted while the cluster firmware upgrades.
- You can perform the firmware upgrade using only a console connection.

Which of the following statements are correct about securing communication between FortiAnalyzer and FortiGate using IPsec? (Select two.)
- Must configure the FortiAnalyzer end of the tunnel only; the FortiGate end is auto-negotiated.
- Must establish an IPsec tunnel ID and pre-shared key.
- IPsec cannot be enabled if SSL is enabled as well.
- IPsec is only enabled through the CLI on FortiAnalyzer.

What occurs when a log file stored on FortiAnalyzer disks reaches the size limit set in the device log settings?
- The log file is stored as a raw log and is available for analytic support.
- The log file rolls over and is archived.
- The log file is purged from the database.
- The log file is overwritten.

What is the recommended method for dealing with a hard disk failure on a FortiAnalyzer that uses hardware RAID?
- Hot swap the disk.
- There is no need to do anything because the disk will self-recover.
- Run execute format disk to format and restart the FortiAnalyzer device.
- Shut down FortiAnalyzer and replace the disk.

Which two statements are accurate about ADOM modes? (Select two.)
- You can only change ADOM modes through the CLI.
- In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.
- In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
- Normal mode is the default ADOM mode.

Which two statements are true regarding the initial log synchronization and log data synchronization for HA on FortiAnalyzer? (Select two.)
- By default, Log Data Sync is disabled on all backup devices.
- Log Data Sync provides real-time log synchronization to all backup devices.
- With Initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.
- When Log Data Sync is turned on, the backup device will reboot and then rebuild the log database with the synchronized logs.

Which two statements are accurate regarding the operating modes of FortiAnalyzer? (Select two.)
- When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
- Collector mode is the default operating mode.
- FortiAnalyzer supports event management and reporting features.
- By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting.
