
rckcn250706-3

Test title:
rckcn250706-3

Description:
rckcn250706-3 test

Creation date: 2025/07/07

Category: Personal

Number of questions: 35

Contents:

If logs are being deleted from one of your ADOMs sooner than the configured archiving settings in your data policy, what is the most likely issue?
- The total disk space is insufficient and you need to add another disk.
- CPU resources are too high.
- The ADOM disk quota is set too low based on log rates.
- Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Refer to the exhibit. What does the data point at 14:35 tell you?
- FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.
- FortiAnalyzer is indexing logs faster than logs are being received.
- The fortilogd daemon is ahead in indexing by one log.
- FortiAnalyzer is dropping logs.

An administrator has transferred FortiGate A from the root ADOM to ADOM1 but is unable to generate reports for FortiGate A in ADOM1. What steps should the administrator take to resolve this issue?
- Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
- Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
- Use the execute sql-report run ADOM1 command to run a report.
- Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.

What is the advised method for increasing disk space on a FortiAnalyzer VM?
- From the VM host manager, add an additional virtual disk and use the # execute lvm extend command to expand the storage.
- From the VM host manager, expand the size of the existing virtual disk.
- From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk.
- From the VM host manager, add an additional virtual disk and rebuild your RAID array.

View the exhibit. Why is the total quota less than the total system storage?
- 3.6% of the system storage is already being used.
- Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files.
- The oftpd process has not archived the logs yet.
- The logfiled process is just estimating the total quota.

Why might an administrator be unable to register a FortiClient EMS on a FortiAnalyzer device?
- FortiAnalyzer is in an HA cluster.
- ADOM mode should be set to advanced, in order to register the FortiClient EMS device.
- ADOMs are not enabled on FortiAnalyzer.
- A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.

You created a playbook on FortiAnalyzer that uses the FortiOS connector. When configuring the FortiGate, what type of trigger must be used to ensure that the actions in an automation stitch are accessible in the FortiOS connector?
- FortiAnalyzer Event Handler.
- Incoming webhook.
- FortiOS Event Log.
- Fabric Connector event.

Which statements are true about how FortiAnalyzer handles high availability (HA) clusters? (Choose two.)
- FortiAnalyzer distinguishes different devices by their serial number.
- FortiAnalyzer receives logs from all devices in a cluster.
- FortiAnalyzer receives logs only from the primary device in the cluster.
- FortiAnalyzer only needs to know the serial number of the primary device in the cluster; it automatically discovers the other devices.

Which statements are true about the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)
- All FortiGates can send logs to FortiAnalyzer using the store and upload option.
- Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.
- Both secure communications methods (SSL and IPsec) allow the store and upload option.
- Disk logging is enabled on the FortiGate through the CLI only.
- Disk logging is enabled by default in the FortiGate.

Which two statements describe the benefits of grouping similar reports? (Choose two.)
- Improve report completion time.
- Conserve disk space on FortiAnalyzer by grouping multiple similar reports.
- Reduce the number of hcache tables and improve auto-hcache completion time.
- Provides a better summary of reports.

What are two outcomes of enabling auto-cache in a FortiAnalyzer report? (Choose two.)
- The size of newly generated reports is optimized to conserve disk space.
- FortiAnalyzer local cache is used to store generated reports.
- When new logs are received, the hard-cache data is updated automatically.
- The generation time for reports is decreased.

An administrator has configured the following settings:

    config system fortiview settings
        set resolve-ip enable
    end

What is the purpose of executing this command?
- Use this command only if the source IP addresses are not resolved on FortiGate.
- It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
- You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.
- It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Refer to the exhibit. Which statement accurately describes the event shown?
- An incident was created from this event.
- The security risk was blocked or dropped.
- The security event risk is considered open.
- The risk source is isolated.

To ensure accurate log correlation between logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
- Use DNS.
- Use host name resolution.
- Use real-time forwarding.
- Use an NTP server.

What are the functions of the auto-cache setting in reports? (Choose two.)
- To reduce report generation time.
- To automatically update the hcache when new logs arrive.
- To reduce the log insert lag rate.
- To provide diagnostics on report generation time.

In FortiAnalyzer's FortiView, source and destination IP addresses from FortiGate devices are not resolving to hostnames. How can you resolve these IPs without causing additional performance impact on FortiAnalyzer?
- Configure local DNS servers on FortiAnalyzer.
- Resolve IPs on FortiGate.
- Configure # set resolve-ip enable in the system FortiView settings.
- Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve.

Which two configurations on FortiAnalyzer are necessary to email a FortiAnalyzer report externally? (Choose two.)
- Mail server.
- Output profile.
- SFTP server.
- Report scheduling.

Which log will produce an event with the status "Contained"?
- An IPS log with action=pass.
- A WebFilter log with action=dropped.
- An AV log with action=quarantine.
- An AppControl log with action=blocked.

View the exhibit. What does the 1000MB limit for disk utilization indicate?
- The disk quota for the FortiAnalyzer model.
- The disk quota for all devices in the ADOM.
- The disk quota for each device in the ADOM.
- The disk quota for the ADOM type.

If the primary FortiAnalyzer in an HA cluster fails, how is a new primary FortiAnalyzer chosen?
- The configured IP address is checked first.
- The active port number is checked first.
- The firmware version is checked first.
- The configured priority is checked first.

Which FortiView tool can automatically generate a dataset and chart based on a filtered search result?
- Chart Builder.
- Export to Report Chart.
- Dataset Library.
- Custom View.

What is the reason for using RAID with FortiAnalyzer?
- To introduce redundancy to your log data.
- To provide data separation between ADOMs.
- To separate analytical and archive data.
- To back up your logs.

How are logs forwarded when FortiAnalyzer operates in aggregation mode?
- Logs are forwarded as they are received and content files are uploaded at a scheduled time.
- Logs and content files are stored and uploaded at a scheduled time.
- Logs are forwarded as they are received.
- Logs and content files are forwarded as they are received.

How can you limit an administrator's access to a specific subset of your organization's ADOMs?
- Set the ADOM mode to Advanced.
- Assign the ADOMs to the administrator's account.
- Configure trusted hosts.
- Assign the default Super_User administrator profile.

When you upgrade your FortiAnalyzer firmware, which elements of reports might be affected?
- Output profiles.
- Report settings.
- Report scheduling.
- Custom datasets.

Which FortiAnalyzer feature enables you to retrieve archived logs from another FortiAnalyzer device that match a specific timeframe?
- Log forwarding in aggregation mode.
- Log upload.
- Log fetching.
- Indicators of Compromise.

On FortiAnalyzer, what does a wildcard administrator account refer to?
- An account that permits access to members of an LDAP group.
- An account that allows guest access with read-only privileges.
- An account that requires two-factor authentication.
- An account that validates against any user account on a FortiAuthenticator.

What is the role of a dataset when working with FortiAnalyzer reports?
- To provide the layout used for reports.
- To define the chart type to be used.
- To retrieve data from the database.
- To set the data included in templates.

Which functions are centralized by FortiAnalyzer? (Choose three.)
- Network analysis.
- Graphical reporting.
- Content archiving / data mining.
- Vulnerability assessment.
- Security Log Analysis / Forensics.

What two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)
- Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
- Make sure all endpoints are reachable by FortiAnalyzer.
- Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
- Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

What is the function of trigger variables?
- To display statistics about the playbook runtime.
- To use information from the trigger to filter the action in a task.
- To provide the trigger information to make the playbook start running.
- To store the start times of playbooks with On_Schedule triggers.

After moving a registered logging device from one ADOM to a new ADOM, what is the purpose of running the following CLI command?

    execute sql-local rebuild-adom <new-ADOM-name>

- To reset the disk quota enforcement to default.
- To remove the analytics logs of the device from the old database.
- To migrate the archive logs to the new ADOM.
- To populate the new ADOM with analytical logs for the moved device, so you can run reports.

An administrator "fortinet" can view logs and manage devices, including adding and removing registered devices. However, "fortinet" is unable to create a mail server for sending emails. What might be the issue?
- Fortinet is assigned the Standard_User administrator profile.
- A trusted host is configured.
- ADOM mode is configured with Advanced mode.
- Fortinet is assigned the Restricted_User administrator profile.

If you are using RAID with a FortiAnalyzer that supports software RAID and one of the hard disks has failed, what is the recommended procedure for replacing the disk?
- Shut down FortiAnalyzer and then replace the disk.
- Downgrade your RAID level, replace the disk, and then upgrade your RAID level.
- Clear all RAID alarms and replace the disk while FortiAnalyzer is still running.
- Perform a host swap.

After grouping multiple FortiGate devices into a single ADOM, you check the quota usage under System Settings > Storage Info. What does the disk quota represent?
- The maximum disk utilization for each device in the ADOM.
- The maximum disk utilization for the FortiAnalyzer model.
- The maximum disk utilization for the ADOM type.
- The maximum disk utilization for all devices in the ADOM.
