Practice Free FCP_FAZ_AD-7.4 Exam Online Questions
A playbook contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed.
What will be the status of the playbook after its execution?
- A . Success
- B . Failed
- C . Running
- D . Upstream_failed
B
Explanation:
Playbook jobs that include one or more failed tasks are labeled as Failed in Playbook Monitor. A failed status, however, does not mean that all tasks failed. Some individual actions may have been completed successfully.
Reference: FortiAnalyzer_7.0_Study Guide, page 247
Refer to the exhibit.
The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.
Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)
- A . It creates a wildcard administrator using LDAP and RADIUS servers.
- B . Administrators can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.
- C . User remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at any time.
- D . It allows administrators to use two-factor authentication.
A, B
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/7.0.1/administration-guide/858351/creating-administrators
In a Fortinet Security Fabric, what can make an upstream FortiGate create traffic logs associated with sessions initiated on downstream FortiGate devices?
- A . The traffic destination is another FortiGate in the fabric.
- B . The upstream FortiGate is configured to do NAT
- C . Log redundancy is configured in the fabric.
- D . The downstream device cannot connect to FortiAnalyzer.
B
Explanation:
When the upstream FortiGate is performing Network Address Translation (NAT), it creates new session entries for traffic passing through it. As a result, it generates its own traffic logs for those sessions, even if the sessions were initiated on a downstream FortiGate. This is because the upstream FortiGate is altering the source IP address, making it responsible for tracking the session details.
What does the disk status Degraded mean for RAID management?
- A . One or more drives are missing from the FortiAnalyzer unit. The drive is no longer available to the operating system.
- B . The FortiAnalyzer device is writing to all the hard drives on the device in order to make the array fault tolerant.
- C . The FortiAnalyzer device is writing data to a newly added hard drive in order to restore the hard drive to an optimal state.
- D . The hard drive is no longer being used by the RAID controller.
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)
- A . SSL is the default setting.
- B . SSL communications are auto-negotiated between the two devices.
- C . SSL can send logs in real-time only.
- D . SSL encryption levels are globally set on FortiAnalyzer.
- E . FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.
Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)
- A . Virtual domains
- B . Administrative access profiles
- C . Trusted hosts
- D . Security Fabric
B, C
Explanation:
Reference:
https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/219292/administrator-profiles
https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/581222/trusted-hosts
You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used.
What does the disk quota refer to?
- A . The maximum disk utilization for each device in the ADOM
- B . The maximum disk utilization for the FortiAnalyzer model
- C . The maximum disk utilization for the ADOM type
- D . The maximum disk utilization for all devices in the ADOM
Refer to the exhibit.
What is the purpose of using the Chart Builder feature on FortiAnalyzer?
- A . To add a new chart under FortiView to be used in new reports
- B . To build a dataset and chart automatically, based on the filtered search results
- C . To add charts directly to generate reports in the current ADOM
- D . To build a chart automatically based on the top 100 log entries
Refer to the exhibit.
Which statement is correct regarding the event displayed?
- A . The security risk was blocked or dropped.
- B . The security event risk is considered open.
- C . An incident was created from this event.
- D . The risk source is isolated.
A
Explanation:
Events in FortiAnalyzer will be in one of four statuses. The current status will determine if more actions need to be taken by the security team or not.
The possible statuses are:
Unhandled: The security event risk is not mitigated or contained, so it is considered open.
Contained: The risk source is isolated.
Mitigated: The security risk is mitigated by being blocked or dropped.
(Blank): Other scenarios.
Reference: FortiAnalyzer_7.0_Study_Guide-Online, page 206
Refer to the exhibit.
What does the data point at 14:55 tell you?
- A . The received rate is almost at its maximum for this device
- B . The sqlplugind daemon is behind in log indexing by two logs
- C . Logs are being dropped
- D . Raw logs are reaching FortiAnalyzer faster than they can be indexed