Title of test:
Novo 5-2

Description:
My test

Author:
mattheus

Creation Date:
12/05/2022

Category:
Others

Number of questions: 85
Content:

On the RAID management page, the disk status is listed as Initializing. What does the status Initializing indicate about what the FortiAnalyzer is currently doing?
- FortiAnalyzer is ensuring that the parity data of a redundant drive is valid
- FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state
- FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant
- FortiAnalyzer is functioning normally

What is the recommended method of expanding disk space on a FortiAnalyzer VM?
- From the VM host manager, add an additional virtual disk and use the # execute lvm extend <disk number> command to expand the storage
- From the VM host manager, expand the size of the existing virtual disk
- From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk
- From the VM host manager, add an additional virtual disk and rebuild your RAID array

On FortiAnalyzer, what is a wildcard administrator account?
- An account that permits access to members of an LDAP group
- An account that allows guest access with read-only privileges
- An account that requires two-factor authentication
- An account that validates against any user account on a FortiAuthenticator

Consider the CLI command: What is the purpose of the command?
- To add a unique tag to each log to prove that it came from this FortiAnalyzer
- To add the MD5 hash value and authentication code
- To add a log file checksum
- To encrypt log communication

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)
- SSL is the default setting
- SSL communications are auto-negotiated between the two devices
- SSL can send logs in real-time only
- SSL encryption levels are globally set on FortiAnalyzer
- FortiAnalyzer encryption level must be equal to, or higher than, FortiGate

You need to upgrade your FortiAnalyzer firmware. What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
- FortiAnalyzer uses log fetching to retrieve the logs when back online
- FortiGate uses the miglogd process to cache the logs
- The logfiled process stores logs in offline mode
- Logs are dropped

What statements are true regarding FortiAnalyzer's treatment of high availability (HA) clusters? (Choose two.)
- FortiAnalyzer distinguishes different devices by their serial number
- FortiAnalyzer receives logs from all devices in a cluster
- FortiAnalyzer receives logs only from the primary device in the cluster
- FortiAnalyzer only needs to know the serial number of the primary device in the cluster; it automatically discovers the other devices

What can you do on FortiAnalyzer to restrict administrative access from specific locations?
- Configure trusted hosts for that administrator
- Enable geo-location services on the accessible interface
- Configure two-factor authentication with a remote RADIUS server
- Configure an ADOM for the respective location

View the exhibit. Why is the total quota less than the total system storage?
- 3.6% of the system storage is already being used
- Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files
- The oftpd process has not archived the logs yet
- The logfiled process is just estimating the total quota

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
- Antivirus logs
- Web filter logs
- IPS logs
- Application control logs

If you upgrade the FortiAnalyzer firmware, which report element can be affected?
- Custom datasets
- Report scheduling
- Report settings
- Output profiles

What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?
- Log correlation
- Host name resolution
- Log collection
- Real-time forwarding

Which statement is true regarding macros on FortiAnalyzer?
- Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM
- Macros are supported only on the FortiGate ADOM
- Macros are useful in generating Excel log files automatically based on the report settings
- Macros are predefined templates for reports and cannot be customized

What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?
- The log file is stored as a raw log and is available for analytic support
- The log file rolls over and is archived
- The log file is purged from the database
- The log file is overwritten

What FortiView tool can you use to automatically build a dataset and chart based on a filtered search result?
- Chart Builder
- Export to Report Chart
- Dataset Library
- Custom View

What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)
- All FortiGates can send logs to FortiAnalyzer using the store and upload option
- Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option
- Both secure communications methods (SSL and IPsec) allow the store and upload option
- Disk logging is enabled on the FortiGate through the CLI only
- Disk logging is enabled by default on the FortiGate

An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1. What should the administrator do to solve this issue?
- Use the execute sql-local rebuild-db command to rebuild all ADOM databases
- Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database
- Use the execute sql-report run ADOM1 command to run a report
- Use the execute sql-local rebuild-adom root command to rebuild the ADOM database

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
- A local wildcard administrator account
- A remote LDAP server
- A trusted host profile that restricts access to the LDAP group
- An administrator group

View the exhibit: What does the 1000 MB maximum for disk utilization refer to?
- The disk quota for the FortiAnalyzer model
- The disk quota for all devices in the ADOM
- The disk quota for each device in the ADOM
- The disk quota for the ADOM type

Refer to the exhibit. The exhibit shows that "remoteservergroup" is an authentication server group with LDAP and RADIUS servers. Which two statements express the significance of enabling "Match all users on remote server" when configuring a new administrator? (Choose two.)
- It creates a wildcard administrator using the LDAP and RADIUS servers
- Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP and RADIUS servers
- User remoteadmin from the LDAP and RADIUS servers will be able to log in to FortiAnalyzer at any time
- It allows administrators to use two-factor authentication

Which two statements are true regarding ADOM modes? (Choose two.)
- You can only change ADOM modes through the CLI
- In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM
- In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs
- Normal mode is the default ADOM mode

For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
- Use DNS
- Use host name resolution
- Use real-time forwarding
- Use an NTP server

If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the FortiAnalyzer back to functioning normally, without losing data?
- Hot swap the disk
- Replace the disk and rebuild the RAID manually
- Take no action if the RAID level supports a failed disk
- Shut down FortiAnalyzer and replace the disk

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)
- Must configure the FortiAnalyzer end of the tunnel only; the FortiGate end is auto-negotiated
- Must establish an IPsec tunnel ID and pre-shared key
- IPsec cannot be enabled if SSL is enabled as well
- IPsec is only enabled through the CLI on FortiAnalyzer

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
- To properly correlate logs
- To use real-time forwarding
- To resolve host names
- To improve DNS response times

In FortiAnalyzer's FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?
- Configure local DNS servers on FortiAnalyzer
- Resolve IPs on FortiGate
- Configure # set resolve-ip enable in the system FortiView settings
- Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

How do you restrict an administrator's access to a subset of your organization's ADOMs?
- Set the ADOM mode to Advanced
- Assign the ADOMs to the administrator's account
- Configure trusted hosts
- Assign the default Super_User administrator profile

A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer. What can you do on FortiAnalyzer to accomplish this?
- Click FortiView and generate a report for that administrator
- Click Task Monitor and view the tasks performed by that administrator
- Click Log View and generate a report for that administrator
- View the tasks performed by the rogue administrator in Fabric View

How can you configure FortiAnalyzer to permit administrator logins from only specific locations?
- Use static routes
- Use administrative profiles
- Use trusted hosts
- Use secure protocols

View the exhibit. What does the data point at 14:35 tell you?
- FortiAnalyzer is dropping logs
- FortiAnalyzer is indexing logs faster than logs are being received
- FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed
- The sqlplugind daemon is ahead in indexing by one log

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)
- A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end
- Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version
- Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy
- Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)
- ADOMs are enabled by default
- ADOMs constrain other administrators' access privileges to a subset of devices in the device list
- Once enabled, the Device Manager, FortiView, Event Management, and Reports tabs display per ADOM
- All administrators can create ADOMs, not just the admin administrator

What are offline logs on FortiAnalyzer?
- Compressed logs, which are also known as archive logs, are considered to be offline logs
- When you restart FortiAnalyzer, all stored logs are considered to be offline logs
- Logs that are indexed and stored in the SQL database
- Logs that are collected from offline devices after they boot up

The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device. What can be the reason for this failure?
- FortiAnalyzer is in an HA cluster
- ADOM mode should be set to advanced in order to register the FortiClient EMS device
- ADOMs are not enabled on FortiAnalyzer
- A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)
- Principal
- Service provider
- Identity collector
- Identity provider

Refer to the exhibit. Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
- Report size will be optimized to conserve disk space on FortiAnalyzer
- Reports will be cached in memory
- This feature is automatically enabled for scheduled reports
- Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets

What is the purpose of employing RAID with FortiAnalyzer?
- To introduce redundancy to your log data
- To provide data separation between ADOMs
- To separate analytical and archive data
- To back up your logs

You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used. What does the disk quota refer to?
- The maximum disk utilization for each device in the ADOM
- The maximum disk utilization for the FortiAnalyzer model
- The maximum disk utilization for the ADOM type
- The maximum disk utilization for all devices in the ADOM

[Question text missing from the source; only the answer options survive.]
- SQL FROM statement
- SQL GET statement
- SQL SELECT statement
- SQL EXTRACT statement

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
- In aggregation mode, you can forward logs to syslog and CEF servers as well
- Forwarding mode forwards logs in real time only to other FortiAnalyzer devices
- Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time
- Both modes, forwarding and aggregation, support encryption of logs between devices

In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?
- Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
- Configure # set resolve-ip enable in the system FortiView settings
- Configure local DNS servers on FortiAnalyzer
- Resolve IP addresses on FortiGate

Which statements are correct regarding FortiAnalyzer reports? (Choose two.)
- FortiAnalyzer provides the ability to create custom reports
- FortiAnalyzer allows you to schedule reports to run
- FortiAnalyzer includes pre-defined reports only
- FortiAnalyzer allows reporting for FortiGate devices only

What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server? (Choose two.)
- SFTP, FTP, or SCP server
- Mail server
- Output profile
- Report scheduling

What two things should an administrator do to view Compromised Hosts on FortiAnalyzer? (Choose two.)
- Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer
- Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer
- Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up-to-date
- Make sure all endpoints are reachable by FortiAnalyzer

An administrator has configured the following settings:
    config system fortiview settings
        set resolve-ip enable
    end
What is the significance of executing this command?
- Use this command only if the source IP addresses are not resolved on FortiGate
- It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer
- You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer
- It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer

For which two purposes would you use the command set log-checksum? (Choose two.)
- To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
- To prevent log modification or tampering
- To encrypt log communications
- To send an identical set of logs to a second logging server

Which tabs do not appear when FortiAnalyzer is operating in Collector mode?
- FortiView
- Event Management
- Device Manager
- Reporting

Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)
- Mail server
- Output profile
- SFTP server
- Report scheduling

Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)
- Virtual domains
- Administrative access profiles
- Trusted hosts
- Security Fabric

You've moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?
- FortiAnalyzer resets the disk quota of the new ADOM to default
- FortiAnalyzer migrates archive logs to the new ADOM
- FortiAnalyzer migrates analytics logs to the new ADOM
- FortiAnalyzer removes logs from the old ADOM

In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered search results. Similarly, which feature can you use for FortiView?
- Export to Report Chart
- Export to PDF
- Export to Chart Builder
- Export to Custom Chart

How are logs forwarded when FortiAnalyzer is using aggregation mode?
- Logs are forwarded as they are received and content files are uploaded at a scheduled time
- Logs and content files are stored and uploaded at a scheduled time
- Logs are forwarded as they are received
- Logs and content files are forwarded as they are received

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy. What is the most likely problem?
- CPU resources are too high
- Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
- The total disk space is insufficient and you need to add another disk
- The ADOM disk quota is set too low, based on log rates

Refer to the exhibit. What does the data point at 14:55 tell you?
- The received rate is almost at its maximum for this device
- The sqlplugind daemon is behind in log indexing by two logs
- Logs are being dropped
- Raw logs are reaching FortiAnalyzer faster than they can be indexed

When you perform a system backup, what does the backup configuration contain? (Choose two.)
- Generated reports
- Device list
- Authorized devices logs
- System information

Which two purposes does the auto-cache setting on reports serve? (Choose two.)
- It automatically updates the hcache when new logs arrive
- It provides diagnostics on report generation time
- It reduces the log insert lag rate
- It reduces report generation time

What are the operating modes of FortiAnalyzer? (Choose two.)
- Standalone
- Manager
- Analyzer
- Collector

What are two advantages of setting up a fabric ADOM? (Choose two.)
- It can be used for fast data processing and log correlation
- It can be used to facilitate communication between devices in the same Security Fabric
- It can include all Fortinet devices that are part of the same Security Fabric
- It can include only FortiGate devices that are part of the same Security Fabric

In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)
- Remote logging must be enabled on FortiGate
- Log encryption must be enabled
- ADOMs must be enabled
- FortiGate must be registered with FortiAnalyzer

What is the purpose of a dataset query in FortiAnalyzer?
- It sorts log data into tables
- It extracts the database schema
- It retrieves log data from the database
- It injects log data into the database

What is the purpose of the following CLI command?
- To add a log file checksum
- To add the MD5 hash value and authentication code
- To add a unique tag to each log to prove that it came from this FortiAnalyzer
- To encrypt log communications

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?
- FROM
- LIMIT
- WHERE
- ORDER BY

What purposes does the auto-cache setting on reports serve? (Choose two.)
- To reduce report generation time
- To automatically update the hcache when new logs arrive
- To reduce the log insert lag rate
- To provide diagnostics on report generation time

What can the CLI command # diagnose test application oftpd 3 help you to determine?
- What devices and IP addresses are connecting to FortiAnalyzer
- What logs, if any, are reaching FortiAnalyzer
- What ADOMs are enabled and configured
- What devices are registered and unregistered

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)
- When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format
- Collector mode is the default operating mode
- When in collector mode, FortiAnalyzer supports event management and reporting features
- By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed. What is the recommended method to replace the disk?
- Shut down FortiAnalyzer and then replace the disk
- Downgrade your RAID level, replace the disk, and then upgrade your RAID level
- Clear all RAID alarms and replace the disk while FortiAnalyzer is still running
- Perform a hot swap

Which daemon is responsible for enforcing raw log file size?
- logfiled
- oftpd
- sqlplugind
- miglogd

Which two statements about log forwarding are true? (Choose two.)
- Forwarded logs cannot be filtered to match specific criteria
- Logs are forwarded in real-time only
- The client retains a local copy of the logs after forwarding
- You can use aggregation mode only with another FortiAnalyzer

What FortiGate process caches logs when FortiAnalyzer is not reachable?
- logfiled
- sqlplugind
- oftpd
- miglogd

Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another FortiAnalyzer device?
- Log upload
- Indicators of Compromise
- Log forwarding in aggregation mode
- Log fetching

What are two of the key features of FortiAnalyzer? (Choose two.)
- Centralized log repository
- Cloud-based management
- Reports
- Virtual domains (VDOMs)

FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days. What is the most likely problem?
- Quota enforcement is acting on analytical data before a report is complete
- Logs are rolling before the report is run
- CPU resources are too high
- Disk utilization for archive logs is set for 15 days

What is the purpose of a predefined template on the FortiAnalyzer?
- It can be edited and modified as required
- It specifies the report layout, which contains predefined text, charts, and macros
- It specifies report settings, which contain time period, device selection, and schedule
- It contains predefined data to generate mock reports

What remote authentication servers can you configure to validate your FortiAnalyzer administrator logons? (Choose three.)
- RADIUS
- Local
- LDAP
- PKI
- TACACS+

FortiAnalyzer centralizes which functions? (Choose three.)
- Network analysis
- Graphical reporting
- Content archiving / data mining
- Vulnerability assessment
- Security log analysis / forensics

If you upgrade your FortiAnalyzer firmware, what report elements can be affected?
- Output profiles
- Report settings
- Report scheduling
- Custom datasets

Logs are being deleted from one of your ADOMs earlier than the configured setting for archiving in your data policy. What is the most likely problem?
- The total disk space is insufficient and you need to add another disk
- CPU resources are too high
- The ADOM disk quota is set too low based on log rates
- Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device

An administrator has moved FortiGate A from the root ADOM to ADOM1. Which two statements are true regarding logs?
- Analytics logs will be moved to ADOM1 from the root ADOM automatically
- Archived logs will be moved to ADOM1 from the root ADOM automatically
- Logs will be presented in both ADOMs immediately after the move
- Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database

What statements are true regarding disk log quota? (Choose two.)
- The FortiAnalyzer stops logging once the disk log quota is met
- The FortiAnalyzer automatically sets the disk log quota based on the device
- The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met
- The FortiAnalyzer disk log quota is configurable, but has a minimum of 100 MB and a maximum based on the reserved system space

Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)
- FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster
- FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings
- All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector
- FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud

By default, what happens when a log file reaches its maximum file size?
- FortiAnalyzer overwrites the log files
- FortiAnalyzer stops logging
- FortiAnalyzer rolls the active log by renaming the file
- FortiAnalyzer forwards logs to syslog

An administrator has configured the following settings:
    config system global
        set log-checksum md5-auth
    end
What is the significance of executing this command?
- This command records the log file MD5 hash value
- This command records passwords in log files and encrypts them
- This command encrypts log transfer between FortiAnalyzer and other devices
- This command records the log file MD5 hash value and authentication code

FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?
- To upload logs to an SFTP server
- To prevent log modification during backup
- To send an identical set of logs to a second logging server
- To encrypt log communication between devices

Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
- License type
- Disk size
- Total quota
- RAID level

Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)
- SMS
- Email
- SNMP
- IM