My FAZ 7.0 Test

Number of questions: 32
What does the disk status Degraded mean for RAID management?
  One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.
  The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.
  The hard drive is no longer being used by the RAID controller.
  The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.
Refer to the exhibit. Which statement is correct regarding the event displayed?
  An incident was created from this event.
  The risk source is isolated.
  The security event risk is considered open.
  The security risk was blocked or dropped.
Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)
  Send Alert through Fabric Connectors.
  Send SNMP trap.
  Send SMS notification.
  Send Alert through IM.
What is the purpose of using prefilters when configuring event handlers?
  They can filter the logs before they are processed by FortiAnalyzer.
  They can limit which logs are checked for matches by the other filters.
  They download new filters to be used in event handlers.
  They are common filters applied simultaneously to all event handlers.
The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.
  This FortiAnalyzer is configured to receive logs in its port1.
  This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
  This FortiAnalyzer will join the existing HA cluster as the primary.
  After joining the cluster, this FortiAnalyzer will keep an updated log database.
Why do you need to wait for several minutes before you run a playbook that you just created?
  FortiAnalyzer needs that time to parse the new playbook.
  FortiAnalyzer needs that time to debug the new playbook.
  FortiAnalyzer needs that time to ensure there are no other playbooks running.
  FortiAnalyzer needs that time to back up the current playbooks.
Refer to the exhibit. Which statement is correct regarding the event status displayed?
  The security event risk is considered open.
  An incident was created from this event.
  The security risk was blocked or dropped.
  The risk source is isolated.
Refer to the exhibit. The image shows the details of a playbook after it finished running. What is the status of the playbook?
  Upstream failed
  Running
  Success
  Failed
You are looking for a playbook that was exported by a junior administrator. You perform a search and find the files listed below. Which file would you choose to perform an import operation?
  Exported_playbook.sql
  Exported_playbook.csv
  Exported_playbook.txt
  Exported_playbook.json
Refer to the exhibit. Based on the partial outputs displayed above, which devices are ready to be configured as peers in an HA cluster?
  FortiAnalyzer1 and FortiAnalyzer3
  FortiAnalyzer2 and FortiAnalyzer3
  FortiAnalyzer1 and FortiAnalyzer2
  These devices cannot participate in the same cluster.
What is the purpose of trigger variables?
  To use information from the trigger to filter the action in a task.
  To store the starting times for On Schedule triggers.
  To provide the trigger information to make the playbook start running.
  To display statistics about the playbook runtime.
Which statement correctly describes the management extensions available on FortiAnalyzer?
  Management extensions may require a minimum number of CPU cores to run.
  Management extensions do not require additional licenses.
  Management extensions require a dedicated VM for best performance.
  Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
What are offline logs on FortiAnalyzer?
  When you restart FortiAnalyzer, all stored logs are considered to be offline logs.
  Logs that are collected from offline devices after they boot up.
  Logs that are indexed are stored in the SQL database.
  Compressed logs, also known as archive logs, are considered to be offline logs.
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
  Threat hunting
  Incidents dashboards
  FortiView Monitor
  Outbreak alert services
Refer to the exhibit. Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by users other than "admin" and coming from Laptop1. Which filter will achieve the desired result?
  operation==login & dstip== & user!=admin
  operation==login & performed_on=="GUI(10.1.1.210)" & user!=admin
  operation==login & srcip== & dstip== & user==admin
  operation==login & performed_on=="GUI(" & user!=admin
Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)
  FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.
  FortiAnalyzer HA implementation is supported by all cloud providers.
  FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
  All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command? execute sql-local rebuild-adom <new-ADOM-name>
  To populate the new ADOM with analytical logs for the moved device, so you can run reports.
  To migrate the archive logs to the new ADOM.
  To remove the analytics logs of the device from the old database.
  To reset the disk quota enforcement to default.
What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?
  Run execute format disk to format and restart the FortiAnalyzer device.
  Hot swap the disk.
  There is no need to do anything because the disk will self-recover.
  Shut down FortiAnalyzer and replace the disk.
Which statement is true regarding macros on FortiAnalyzer?
  Macros are ADOM specific and each ADOM has unique macros relevant to that ADOM.
  Macros are supported only on the FortiGate ADOM.
  Macros are useful in generating Excel log files automatically based on the report settings.
  Macros are predefined templates for reports and cannot be customized.
A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator in FortiAnalyzer. What can you do on FortiAnalyzer to accomplish this?
  Click Task Monitor and view the tasks performed by that administrator.
  Click Log View and generate a report for that administrator.
  Click Fabric View and view the tasks performed by the rogue administrator.
  Click FortiView and generate a report for that administrator.
Refer to the exhibit. Which statement is correct regarding the event displayed?
  The security event risk is considered open.
  An incident was created from this event.
  The security risk was blocked or dropped.
  The risk source is isolated.
What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?
  A FortiGate ADOM
  Valid FortiAnalyzer credentials
  The FortiGate serial number
  A pre-shared key
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)
  Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
  Make sure all endpoints are reachable by FortiAnalyzer.
  Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
  Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
When working with FortiAnalyzer reports, what is the purpose of a dataset?
  To provide the layout used for reports.
  To set the data included in templates.
  To retrieve data from the database.
  To define the chart type to be used.
A playbook contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed. What will be the status of the playbook after its execution?
  Failed
  Running
  Success
  Upstream_failed
In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered search results. Similarly, which feature can you use for FortiView?
  Export to PDF
  Export to Custom Chart
  Export to Report Chart
  Export to Chart Builder
Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
  This feature is automatically enabled for scheduled reports.
  Report size will be optimized to conserve disk space on FortiAnalyzer.
  Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.
  Reports will be cached in the memory.
If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?
  The active port number is checked first.
  The firmware version is checked first.
  The configured priority is checked first.
  The configured IP address is checked first.
For which two purposes would you use the command set log checksum? (Choose two.)
  To encrypt log communications.
  To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server.
  To send an identical set of logs to a second logging server.
  To prevent log modification or tampering.
Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)
  When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
  By deploying different FortiAnalyzer devices in both modes, you can improve their overall performance.
  When in collector mode, FortiAnalyzer supports event management and reporting features.
  Collector mode is the default operating mode.
Which statement is true about sending notifications with incident updates?
  If you use multiple fabric connectors, all connectors must have the same notification settings.
  Notifications can be sent only by email.
  You can send notifications to multiple external platforms.
  Notifications can be sent only when an incident is updated or deleted.
Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)
  Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer.
  A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer device at the other end.
  Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
  Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
