Practice Free FCP_FAZ_AD-7.4 Exam Online Questions
In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.
How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?
- A . Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
- B . Configure # set resolve-ip enable in the system FortiView settings
- C . Configure local DNS servers on FortiAnalyzer
- D . Resolve IP addresses on FortiGate
D
Explanation:
https://packetplant.com/fortigate-and-fortianalyzer-resolve-source-and-destination-ip/
“As a best practice, it is recommended to resolve IPs on the FortiGate end. This is because you get both source and destination, and it offloads the work from FortiAnalyzer. On FortiAnalyzer, this IP resolution does destination IPs only”
Which two parameters impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
- A . Total quota
- B . License type
- C . RAID level
- D . Disk size
CD
Explanation:
RAID level affects how much disk space is reserved for redundancy and fault tolerance. For example, RAID 1 mirrors data, meaning you need more space for redundancy, while RAID 5 or RAID 6 reserves space for parity.
Disk size directly influences the total available and reserved space since the larger the disk, the more space may need to be reserved for system functions, logs, and other operations.
The total quota and license type do not directly impact the reserved disk space, though they do influence other aspects of capacity and functionality.
What is Log Insert Lag Time on FortiAnalyzer?
- A . The number of times in the logs where end users experienced slowness while accessing resources.
- B . The amount of lag time that occurs when the administrator is rebuilding the ADOM database.
- C . The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.
- D . The amount of time FortiAnalyzer takes to receive logs from a registered device
In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered search results.
Similarly, which feature can you use for FortiView?
- A . Export to Report Chart
- B . Export to PDF
- C . Export to Chart Builder
- D . Export to Custom Chart
D
Explanation:
Reference: https://community.fortinet.com/t5/FortiAnalyzer/Creating-a-Custom-report-from-FortiView-Export-to-Report-Chart/ta-p/190154?externalID=FD40483
Similar to the Chart Builder feature in Log View, you can export a chart from a FortiView. The chart export includes any filters you set on the FortiView. FortiAnalyzer_7.0_Study_Guide-Online, page 292.
Which statement is true about sending notifications with incident updates?
- A . Notifications can be sent only when an incident is updated or deleted.
- B . If you use multiple fabric connectors, all connectors must have the same notification settings
- C . Notifications can be sent only by email.
- D . You can send notifications to multiple external platforms
B
Explanation:
You can add more than one fabric connector, each with the same or different notification settings.
The receiving side of the connector must be configured for the notifications to be sent successfully.
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 34: Fabric connectors also enable FortiAnalyzer to send notifications to ITSM platforms when a new incident is created or for any subsequent updates.
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
- A . Antivirus logs
- B . Web filter logs
- C . IPS logs
- D . Application control logs
B
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm?TocPath=FortiView%7CUsing%20FortiView%7C_____6
Refer to the exhibit.
The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.
What can you conclude from the configuration displayed?
- A . This FortiAnalyzer will join the existing HA cluster as the primary.
- B . This FortiAnalyzer is configured to receive logs on its port1.
- C . This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
- D . After joining the cluster, this FortiAnalyzer will keep an updated log database.
B
Explanation:
"If the preferred role is Primary, then this unit becomes the primary unit if it is configured first in a new HA cluster. If there is an existing primary unit, then this unit becomes a secondary unit." (https://docs.fortinet.com/document/fortianalyzer/7.0.5/administration-guide/275104)
Refer to the exhibit.
Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.
Which filter will achieve the desired result?
- A . operation-login & dstip==10.1.1.210 & user!-admin
- B . operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
- C . operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin
- D . operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin
How can you attach a report to an incident?
- A . By attaching it to an event handler alert
- B . By editing the settings of the desired report
- C . From the properties of an existing incident
- D . Saving it in JSON format, and then importing it