rckcn250706-2
Test title: rckcn250706-2
Description: rckcn250706-2 test




1) Refer to the exhibit. The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers. Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)
   - It creates a wildcard administrator using LDAP and RADIUS servers.
   - Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.
   - User remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at any time.
   - It allows administrators to use two-factor authentication.

2) Which two statements are correct about high availability (HA) on FortiAnalyzer? (Select two.)
   - FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.
   - FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
   - All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.
   - FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

3) Which statements are correct regarding Administrative Domains (ADOMs) in FortiAnalyzer? (Select two.)
   - ADOMs are enabled by default.
   - ADOMs constrain other administrators' access privileges to a subset of devices in the device list.
   - Once enabled, the Device Manager, FortiView, Event Management, and Reports tabs display per ADOM.
   - All administrators can create ADOMs, not just the admin administrator.

4) What must be configured on FortiAnalyzer to automatically send generated reports via email?
   - Output profile.
   - Report scheduling.
   - SFTP server.
   - SNMP server.

5) What are two actions an administrator should take to view Compromised Hosts on FortiAnalyzer? (Select two.)
   - Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
   - Make sure all endpoints are reachable by FortiAnalyzer.
   - Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
   - Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

6) Which remote authentication servers can be configured to validate FortiAnalyzer administrator logins? (Select three.)
   - RADIUS.
   - Local.
   - LDAP.
   - PKI.
   - TACACS+.

7) What steps can you take on FortiAnalyzer to limit administrative access to specific locations?
   - Configure trusted hosts for that administrator.
   - Enable geo-location services on accessible interface.
   - Configure two-factor authentication with a remote RADIUS server.
   - Configure an ADOM for respective location.

8) What step should you follow to attach a report to an incident?
   - By attaching it to an event handler alert.
   - By editing the settings of the desired report.
   - From the properties of an existing incident.
   - Saving it in JSON format, and then importing it.

9) What is the purpose of running the command diagnose sql status sqlplugind?
   - To list the current SQL processes running.
   - To check what is the database log insertion status.
   - To display the SQL query connections and hcache status.
   - To view the current hcache size.

10) How does FortiAnalyzer extract specific log data from the database?
   - SQL FROM statement.
   - SQL GET statement.
   - SQL SELECT statement.
   - SQL EXTRACT statement.

11) Which two settings need to be configured on FortiAnalyzer to enable non-local administrators to authenticate using any user account within a single LDAP group? (Select two.)
   - A local wildcard administrator account.
   - A remote LDAP server.
   - A trusted host profile that restricts access to the LDAP group.
   - An administrator group.

12) Consider the CLI command: What is the purpose of the command?
   - To add a unique tag to each log to prove that it came from this FortiAnalyzer.
   - To add the MD5 hash value and authentication code.
   - To add a log file checksum.
   - To encrypt log communications.

13) Which two statements accurately describe fabric connectors? (Select two.)
   - Configuring fabric connectors to send notification to ITSM platform upon incident creation is more efficient than third-party information from the FortiAnalyzer.
   - Fabric connectors allow to save storage costs and improve redundancy.
   - Storage connector service does not require a separate license to send logs to cloud platform.
   - Cloud-Out connections allow you to send real-time logs to public cloud accounts like Amazon S3, Azure Blob, and Google Cloud.

14) Refer to the exhibit: Given the partial outputs shown, which devices are eligible to be members of a FortiAnalyzer Fabric?
   - FortiAnalyzer1 and FortiAnalyzer3.
   - FortiAnalyzer1 and FortiAnalyzer2.
   - All devices listed can be members.
   - FortiAnalyzer2 and FortiAnalyzer3.

15) Which FortiGate process stores logs when FortiAnalyzer is not accessible?
   - logfiled.
   - sqlplugind.
   - oftpd.
   - miglogd.

16) Which statements are correct about disk log quota? (Select two.)
   - The FortiAnalyzer stops logging once the disk log quota is met.
   - The FortiAnalyzer automatically sets the disk log quota based on the device.
   - The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.
   - The FortiAnalyzer disk log quota is configurable, but has a minimum of 100mb and a maximum based on the reserved system space.

17) When performing a system backup, what does the backup configuration include? (Select two.)
   - Generated reports.
   - Device list.
   - Authorized devices logs.
   - System information.

18) To ensure accurate log correlation between the logging devices and FortiAnalyzer, both FortiAnalyzer and all registered devices should:
   - Use DNS.
   - Use host name resolution.
   - Use real-time forwarding.
   - Use an NTP server.

19) Which FortiAnalyzer feature enables you to access archived logs from another FortiAnalyzer device that match a specific timeframe?
   - Log upload.
   - Indicators of Compromise.
   - Log forwarding and aggregation mode.
   - Log fetching.

20) What is needed to authorize a FortiGate on FortiAnalyzer using Fabric authorization?
   - A FortiGate ADOM.
   - The FortiGate serial number.
   - A pre-shared key.
   - Valid FortiAnalyzer credentials.

21) Refer to the exhibit. What is the purpose of using the Chart Builder feature on FortiAnalyzer?
   - To add a new chart under FortiView to be used in new reports.
   - To build a dataset and chart automatically, based on the filtered search results.
   - To add charts directly to generate reports in the current ADOM.
   - To build a chart automatically based on the top 100 log entries.

22) Which FortiView tool allows you to automatically generate a dataset and chart from a filtered search result?
   - Chart Builder.
   - Export to Report Chart.
   - Dataset Library.
   - Custom View.

23) A rogue administrator gained unauthorized access to FortiAnalyzer, and you need to investigate their activity. How can you use FortiAnalyzer to achieve this?
   - Click FortiView and generate a report for that administrator.
   - Click Task Monitor and view the tasks performed by that administrator.
   - Click Log View and generate a report for that administrator.
   - View the tasks performed by the rogue administrator in Fabric View.

24) What are two main features of FortiAnalyzer? (Select two.)
   - Centralized log repository.
   - Cloud-based management.
   - Reports.
   - Virtual domains (VDOMs).

25) What are two functions of the auto cache setting in reports? (Select two.)
   - It automatically updates the hcache when new logs arrive.
   - It provides diagnostics on report generation time.
   - It reduces the log insert lag rate.
   - It reduces report generation time.

26) In the event of a hard disk failure on a FortiAnalyzer with software RAID, how can you restore normal functionality without losing any data?
   - Hot swap the disk.
   - Replace the disk and rebuild the RAID manually.
   - Take no action if the RAID level supports a failed disk.
   - Shut down FortiAnalyzer and replace the disk.

27) After transferring a registered logging device from one ADOM to another, what occurs when you rebuild the database in the new ADOM?
   - FortiAnalyzer resets the disk quota of the new ADOM to default.
   - FortiAnalyzer migrates archive logs to the new ADOM.
   - FortiAnalyzer migrates analytics logs to the new ADOM.
   - FortiAnalyzer removes logs from the old ADOM.

28) How would you describe online logs on FortiAnalyzer?
   - Logs that reached a specific size and were rolled over.
   - Logs that can be used to create reports.
   - Logs that can be viewed using Log Browse.
   - Logs that are saved to disk, compressed, and available in FortiView.

29) What is the default behavior when a log file reaches its maximum size?
   - FortiAnalyzer overwrites the log files.
   - FortiAnalyzer stops logging.
   - FortiAnalyzer rolls the active log by renaming the file.
   - FortiAnalyzer forwards logs to syslog.

30) What are two of the most common methods used to control and restrict administrative access on FortiAnalyzer? (Select two.)
   - Virtual domains.
   - Administrative access profiles.
   - Trusted hosts.
   - Security Fabric.

31) Which clause is required in SELECT statements used by FortiAnalyzer to create reports?
   - FROM.
   - LIMIT.
   - WHERE.
   - ORDER BY.

32) Which two SAML roles can FortiAnalyzer be configured for? (Select two.)
   - Principal.
   - Service Provider.
   - Identity collector.
   - Identity provider.

33) What two configurations are necessary for FortiAnalyzer to collect logs from a FortiGate device? (Select two.)
   - Remote logging must be enabled on FortiGate.
   - Log encryption must be enabled.
   - ADOMs must be enabled.
   - FortiGate must be registered with FortiAnalyzer.

34) What information can the CLI command # diagnose test application oftpd 3 provide?
   - What devices and IP addresses are connecting to FortiAnalyzer.
   - What logs, if any, are reaching FortiAnalyzer.
   - What ADOMs are enabled and configured.
   - What devices are registered and unregistered.

35) Which statement accurately describes the FortiSOAR management extension?
   - It requires a FortiManager configured to manage FortiGate.
   - It requires a dedicated FortiSOAR device or VM.
   - It does not include a limited trial by default.
   - It runs as a docker container on FortiAnalyzer.