
+F+A+Z+


Description:
Practice

Creation Date: 2023/08/18

Category: Others

Number of questions: 64

Content:

You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used. What does the disk quota refer to?
- The maximum disk utilization for all devices in the ADOM.
- The maximum disk utilization for the FortiAnalyzer model.
- The maximum disk utilization for each device in the ADOM.
- The maximum disk utilization for the ADOM type.

What are two advantages of setting up a Fabric ADOM? (Choose two.)
- It can be used for fast data processing and log correlation.
- It can be used to facilitate communication between devices in the same Security Fabric.
- It can include all Fortinet devices that are part of the same Security Fabric.
- It can include only FortiGate devices that are part of the same Security Fabric.

Refer to the exhibit. What does the data point at 14:55 tell you?
- The received rate is almost at its maximum for this device.
- Logs are being dropped.
- The sqlplugind daemon is behind in log indexing by two logs.
- Raw logs are reaching FortiAnalyzer faster than they can be indexed.

What is the purpose of a predefined template on the FortiAnalyzer?
- It can be edited and modified as required.
- It specifies the report layout, which contains predefined texts, charts, and macros.
- It specifies report settings, which contain time period, device selection, and schedule.
- It contains predefined data to generate mock reports.

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)
- Once enabled, the Device Manager, FortiView, Event Management, and Reports tabs display per ADOM.
- ADOMs constrain other administrators' access privileges to a subset of devices in the device list.
- ADOMs are enabled by default.
- All administrators can create ADOMs--not just the admin administrator.

An administrator has moved FortiGate A from the root ADOM to ADOM1. Which two statements are true regarding logs? (Choose two.)
- Analytics logs will be moved to ADOM1 from the root ADOM automatically.
- Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.
- Archived logs will be moved to ADOM1 from the root ADOM automatically.
- Logs will be presented in both ADOMs immediately after the move.

On FortiAnalyzer, what is a wildcard administrator account?
- An account that permits access to members of an LDAP group.
- An account that allows guest access with read-only privileges.
- An account that requires two-factor authentication.
- An account that validates against any user account on a FortiAuthenticator.

Which two statements about log forwarding are true? (Choose two.)
- Forwarded logs cannot be filtered to match specific criteria.
- Logs are forwarded in real-time only.
- The client retains a local copy of the logs after forwarding.
- You can use aggregation mode only with another FortiAnalyzer.

In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)
- Remote logging must be enabled on FortiGate.
- Log encryption must be enabled.
- ADOMs must be enabled.
- FortiGate must be registered with FortiAnalyzer.

Refer to the exhibit. The exhibit shows "remoteservergroup" is an authentication server group with LDAP and RADIUS servers. Which two statements express the significance of enabling "Match all users on remote server" when configuring a new administrator? (Choose two.)
- Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP and RADIUS servers.
- It creates a wildcard administrator using LDAP and RADIUS servers.
- User remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at any time.
- It allows administrators to use two-factor authentication.

On the RAID management page, the disk status is listed as Initializing. What does the status Initializing indicate about what the FortiAnalyzer is currently doing?
- FortiAnalyzer is ensuring that the parity data of a redundant drive is valid.
- FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state.
- FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant.
- FortiAnalyzer is functioning normally.

FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?
- To upload logs to an SFTP server.
- To encrypt log communication between devices.
- To prevent log modification during backup.
- To send an identical set of logs to a second logging server.

What is the purpose of a dataset query in FortiAnalyzer?
- It extracts the database schema.
- It injects log data into the database.
- It retrieves log data from the database.
- It sorts log data into tables.

FortiAnalyzer centralizes which functions? (Choose three.)
- Network analysis.
- Vulnerability assessment.
- Security log analysis / forensics.
- Content archiving / data mining.
- Graphical reporting.

Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another FortiAnalyzer device?
- Log upload.
- Indicators of Compromise.
- Log forwarding in aggregation mode.
- Log fetching.

In FortiAnalyzer's FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs without introducing any additional performance impact to FortiAnalyzer?
- Configure local DNS servers on FortiAnalyzer.
- Configure # set resolve-ip enable in the system FortiView settings.
- Resolve IPs on FortiGate.
- Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve.

Which two statements express the advantages of grouping similar reports? (Choose two.)
- Provides a better summary of reports.
- Improve report completion time.
- Conserve disk space on FortiAnalyzer by grouping multiple similar reports.
- Reduce the number of hcache tables and improve auto-hcache completion time.

What is Log Insert Lag Time on FortiAnalyzer?
- The number of times in the logs where end users experienced slowness while accessing resources.
- The amount of time FortiAnalyzer takes to receive logs from a registered device.
- The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.
- The amount of lag time that occurs when the administrator is rebuilding the ADOM database.

What are analytics logs on FortiAnalyzer?
- Logs that are indexed and stored in the SQL.
- Log type Traffic logs.
- Logs that roll over when the log file reaches a specific size.
- Raw logs that are compressed and saved to a log file.

If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the FortiAnalyzer back to functioning normally, without losing data?
- Hot swap the disk.
- Replace the disk and rebuild the RAID manually.
- Take no action if the RAID level supports a failed disk.
- Shut down FortiAnalyzer and replace the disk.

Consider the CLI command: What is the purpose of the command?
- To add a unique tag to each log to prove that it came from this FortiAnalyzer.
- To add the MD5 hash value and authentication code.
- To add a log file checksum.
- To encrypt log communications.

What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?
- Host name resolution.
- Real-time forwarding.
- Log correlation.
- Log collection.

Which two purposes does the auto cache setting on reports serve? (Choose two.)
- It automatically updates the hcache when new logs arrive.
- It provides diagnostics on report generation time.
- It reduces the log insert lag rate.
- It reduces report generation time.

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)
- SFTP server.
- Mail server.
- Output profile.
- Report scheduling.

Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
- License type.
- Disk size.
- Total quota.
- RAID level.

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
- Antivirus logs.
- Web filter logs.
- IPS logs.
- Application control logs.

What are event handlers?
- Threats identified by FortiGuard.
- Specific matched conditions in the raw logs.
- Alert notifications.
- SNMP traps.

Which two FortiAnalyzer features allow you to automatically build a dataset and chart based on a filtered search result? (Choose two.)
- Export to Report Chart (FortiView).
- Custom View.
- Dataset Library.
- Chart Builder.

What is the main purpose of deploying RAID with FortiAnalyzer?
- To back up your logs.
- To make an identical copy of log data on two separate physical drives.
- To provide redundancy of your log data.
- To store data in chunks across multiple drives.

It is a best practice to upload FortiAnalyzer local logs to a remote server. Which three remote servers are supported for the upload? (Choose three.)
- SFTP.
- SCP.
- FTP.
- UDP.
- TCP.

Which database language does FortiAnalyzer support for the purposes of logging and reporting?
- LDAP.
- SSH.
- SQL.
- XML.

What should you always do after erasing the FortiAnalyzer configuration on flash?
- Run the execute reset all-settings command.
- Run the execute format disk command.
- Run the execute reboot command.
- Perform a system backup.

What is included in the disk quota for each ADOM on the FortiAnalyzer?
- SQL tables and archive files.
- Raw logs and archive files.
- Archive logs and analytics logs.
- Raw logs, archive files, SQL database tables.

When generating reports on FortiAnalyzer, macros can be used to include additional data. Which two statements about macros are true? (Choose two.)
- Macros are abbreviated dataset queries.
- Macros do not need to be associated with a chart.
- Macros are supported in FortiGate ADOMs only.
- Macros cannot be customized.

When you move a FortiGate device from one ADOM to a new ADOM, what is the purpose of rebuilding the new ADOM database?
- To migrate the archive logs to the new ADOM.
- To reset the disk quota enforcement to default.
- To remove the device's analytics logs from the old ADOM.
- To run reports on the device's analytics logs in the new ADOM.

Which two external servers can you configure to validate administrator logins? (Choose two.)
- Syslog.
- LDAP.
- RADIUS.
- Only locally by FortiAnalyzer.

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)
- SSL is the default setting.
- SSL communications are auto-negotiated between the two devices.
- SSL can send logs in real-time only.
- SSL encryption levels are globally set on FortiAnalyzer.
- FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days. What is the most likely problem?
- Quota enforcement is acting on analytical data before a report is complete.
- Disk utilization for archive logs is set for 15 days.
- CPU resources are too high.
- Logs are rolling before the report is run.

You've moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?
- FortiAnalyzer resets the disk quota of the new ADOM to default.
- FortiAnalyzer migrates archive logs to the new ADOM.
- FortiAnalyzer migrates analytics logs to the new ADOM.
- FortiAnalyzer removes logs from the old ADOM.

How does FortiAnalyzer retrieve specific log data from the database?
- SQL FROM statement.
- SQL GET statement.
- SQL SELECT statement.
- SQL EXTRACT statement.

Refer to the exhibit. What is the purpose of using the Chart Builder feature on FortiAnalyzer?
- In Log View, this feature allows you to build a chart and chart automatically, on the top 100 log entries.
- In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.
- This feature allows you to build a chart under FortiView.
- You can add charts to generated reports using this feature.

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed. What is the recommended method to replace the disk?
- Shut down FortiAnalyzer and then replace the disk.
- Downgrade your RAID level, replace the disk, and then upgrade your RAID level.
- Clear all RAID alarms and replace the disk while FortiAnalyzer is still running.
- Perform a hot swap.

What is the recommended method of expanding disk space on a FortiAnalyzer VM?
- From the VM host manager, add an additional virtual disk and use the # execute lvm extend <disk number> command to expand the storage.
- From the VM host manager, expand the size of the existing virtual disk.
- From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk.
- From the VM host manager, add an additional virtual disk and rebuild your RAID array.

An administrator has configured the following settings:

    config system fortiview settings
        set resolve-ip enable
    end

What is the significance of executing this command?
- Use this command only if the source IP addresses are not resolved on FortiGate.
- It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.
- It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
- You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.

If you upgrade the FortiAnalyzer firmware, which report element can be affected?
- Custom datasets.
- Report scheduling.
- Report settings.
- Output profiles.

Which two statements are true regarding Initial Logs Sync and Log Data Sync for HA on FortiAnalyzer? (Choose two.)
- With Initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.
- When Log Data Sync is turned on, the backup device will reboot and then rebuild the log database with the synchronized logs.
- Log Data Sync provides real-time log synchronization to all backup devices.
- By default, Log Data Sync is disabled on all backup devices.

You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used. What does the disk quota refer to?
- The maximum disk utilization for each device in the ADOM.
- The maximum disk utilization for all devices in the ADOM.
- The maximum disk utilization for the FortiAnalyzer model.
- The maximum disk utilization for the ADOM type.

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec?
- IPsec cannot be enabled if SSL is enabled as well.
- IPsec is only enabled through the CLI on FortiAnalyzer.
- You must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto-negotiated.
- You must establish an IPsec tunnel ID and pre-shared key.

An administrator has configured the following settings:

    config system global
        set log-checksum md5-auth
    end

What is the significance of executing this command?
- This command records the log file MD5 hash value and authentication code.
- This command records passwords in log files and encrypts them.
- This command records the log file MD5 hash value.
- This command encrypts log transfer between FortiAnalyzer and other devices.

When you perform a system backup, what does the backup configuration contain? (Choose two.)
- Generated reports.
- Device list.
- Authorized devices' logs.
- System information.

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
- A trusted host profile that restricts access to the LDAP group.
- A remote LDAP server.
- An administrator group.
- A local wildcard administrator account.

You need to upgrade your FortiAnalyzer firmware. What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
- Logs are dropped.
- The logfiled process stores logs in offline mode.
- FortiGate uses the miglogd process to cache the logs.
- FortiAnalyzer uses log fetching to retrieve the logs when back online.

Which statements are correct regarding FortiAnalyzer reports? (Choose two.)
- FortiAnalyzer allows you to schedule reports to run.
- FortiAnalyzer allows reporting for FortiGate devices only.
- FortiAnalyzer provides the ability to create custom reports.
- FortiAnalyzer includes pre-defined reports only.

How do you restrict an administrator's access to a subset of your organization's ADOMs?
- Set the ADOM mode to Advanced.
- Assign the ADOMs to the administrator's account.
- Configure trusted hosts.
- Assign the default Super_User administrator profile.

What are two of the key features of FortiAnalyzer? (Choose two.)
- Centralized log repository.
- Reports.
- Cloud-based management.
- Virtual domains (VDOMs).

Which tabs do not appear when FortiAnalyzer is operating in Collector mode? (Choose two.)
- Device Manager.
- FortiView.
- Reporting.
- Event Management.

What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)
- All FortiGates can send logs to FortiAnalyzer using the store and upload option.
- Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.
- Both secure communications methods (SSL and IPsec) allow the store and upload option.
- Disk logging is enabled on the FortiGate through the CLI only.
- Disk logging is enabled by default on the FortiGate.

Which statement is true about using aggregation mode on FortiAnalyzer?
- In aggregation mode, logs and content files are forwarded in real time.
- Aggregation mode supports log filters.
- Aggregation mode can work with syslog servers.
- Aggregation mode can be configured only on the CLI.

When is the execution of a playbook considered as failed?
- When the playbook is disabled.
- When at least one of the tasks fails.
- When the playbook is imported from another ADOM.
- When all the tasks fail.

Which two items are automatically downloaded by the Outbreak Alerts service? (Choose two.)
- Incident template.
- Event Handler.
- Customized playbook.
- Report Template.

What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server? (Choose two.)
- Output profile.
- Mail server.
- Report scheduling.
- SFTP, FTP, or SCP server.

For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
- Use DNS.
- Use an NTP server.
- Use real-time forwarding.
- Use host name resolution.

Why is the total quota less than the total system storage?
- 3.6% of the system is already being used.
- The oftpd process has not archived the logs yet.
- Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files.
- The logfiled process is just estimating the total quota.

How are logs forwarded when FortiAnalyzer is using aggregation mode?
- Logs are forwarded as they are received.
- Logs and content files are stored and uploaded at a scheduled time.
- Logs are forwarded as they are received and content files are uploaded at a scheduled time.
- Logs and content files are forwarded as they are received.
