Practice Free FCP_FAZ_AD-7.4 Exam Online Questions
The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device.
What can be the reason for this failure?
- A . FortiAnalyzer is in an HA cluster.
- B . ADOM mode should be set to advanced, in order to register the FortiClient EMS device.
- C . ADOMs are not enabled on FortiAnalyzer.
- D . A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device.
C
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-FAZ/0800_ADOMs/0015_FortiClient%20and%20ADOMs.htm
What does the disk status Degraded mean for RAID management?
- A . The hard drive is no longer being used by the RAID controller.
- B . One or more drives are missing from the FortiAnalyzer unit.
- C . The device is writing data to the disk to restore the volume to an optimal state.
- D . FortiAnalyzer determined that the parity data in the disk is not valid.
A
Explanation:
When the RAID status is Degraded, it typically indicates that one or more drives in the RAID array have failed or are missing, causing the RAID array to operate with reduced redundancy. In this state, the array is still functioning, but it’s at risk because the fault tolerance provided by RAID is compromised.
On the RAID management page, the disk status is listed as Initializing.
What does the status Initializing indicate about what the FortiAnalyzer is currently doing?
- A . FortiAnalyzer is ensuring that the parity data of a redundant drive is valid
- B . FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state
- C . FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant
- D . FortiAnalyzer is functioning normally
C
Explanation:
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/4cb0dce6-dbef-11e9-8977-00505692583a/FortiAnalyzer-5.6.10-Administration-Guide.pdf (40)
Refer to the exhibit.
Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?
- A . FortiAnalyzer1 and FortiAnalyzer3
- B . FortiAnalyzer1 and FortiAnalyzer2
- C . All devices listed can be members
- D . FortiAnalyzer2 and FortiAnalyzer3
An administrator, fortinet, can view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mail server that can be used to send alert emails.
What can be the problem?
- A . ADOM mode is configured with Advanced mode.
- B . A trusted host is configured.
- C . fortinet is assigned the default Standard_User administrative profile.
- D . fortinet is assigned the default Restricted_User administrative profile.
C
Explanation:
The Standard_User profile allows viewing logs and performing some device management tasks but typically does not allow configuring global settings like creating a mail server for alert emails. To create a mail server, the administrator would need to have a profile with higher privileges, such as Super_User or a custom profile with the necessary permissions.
Which SQL query is in the correct order to query the database in the FortiAnalyzer?
- A . SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'
- B . SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid
- C . SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid
- D . FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid
C
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 259: The main clauses FortiAnalyzer reports use are as follows:
• FROM
• WHERE
• GROUP BY
• ORDER BY
• LIMIT
• OFFSET
Accordingly, following the SELECT keyword, the statement must be followed by one or more clauses in the order in which they appear in the table shown on this slide.
FortiAnalyzer centralizes which functions? (Choose three)
- A . Network analysis
- B . Graphical reporting
- C . Content archiving / data mining
- D . Vulnerability assessment
- E . Security log analysis / forensics
Which statement correctly describes the management extensions available on FortiAnalyzer?
- A . Management extensions do not require additional licenses.
- B . Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
- C . Management extensions require a dedicated VM for best performance.
- D . Management extensions may require a minimum number of CPU cores to run.
D
Explanation:
Events in FortiAnalyzer will be in one of four statuses. The current status will determine if more actions need to be taken by the security team or not.
The possible statuses are:
Unhandled: The security event risk is not mitigated or contained, so it is considered open.
Contained: The risk source is isolated.
Mitigated: The security risk is mitigated by being blocked or dropped.
(Blank): Other scenarios.
FortiAnalyzer_7.0_Study_Guide-Online page 189.
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 189: Review the hardware requirements before you enable a management extension application. Some of them require a minimum amount of memory or a minimum number of CPU cores.
Which statement correctly describes RAID 10 (1+0) on FortiAnalyzer?
- A . A configuration with four disks, each with 2 TB of capacity, provides a total space of 4 TB.
- B . It combines mirroring, striping, and distributed parity to provide performance and fault tolerance.
- C . A configuration with four disks, each with 2 TB of capacity, provides a total space of 2 TB.
- D . It uses striping to provide performance and fault tolerance.
A
Explanation:
RAID 10 combines mirroring (RAID 1) and striping (RAID 0). In a RAID 10 setup with four disks, data is mirrored across two pairs of disks, and those pairs are striped for performance. This results in improved performance and fault tolerance, but the total usable storage is 50% of the total raw storage, meaning four 2 TB disks provide 4 TB of usable space.