Practice Free FCP_FAZ_AD-7.4 Exam Online Questions
Question #51
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)
- A . Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
- B . Make sure all endpoints are reachable by FortiAnalyzer.
- C . Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
- D . Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
Correct Answer: A, D
Explanation:
In order to configure IOC, you require the following:
• A one-year subscription to IOC. Note that FortiAnalyzer does include an evaluation license, but it is restrictive and only meant to give you an idea of how the feature works.
• A web filter services subscription on FortiGate device(s)
• Web filter policies on FortiGate device(s) that send traffic to FortiAnalyzer
Compromised Hosts or Indicators of Compromise service (IOC) is a licensed feature.
To view Compromised Hosts, you must turn on the UTM web filter of FortiGate devices and subscribe your FortiAnalyzer unit to FortiGuard to keep its local threat database synchronized with the FortiGuard threat database. See Subscribing FortiAnalyzer to FortiGuard.
Ref: https://docs.fortinet.com/document/fortianalyzer/6.4.0/administration-guide/137635/viewing-compromised-hosts
Question #52
Which statement about the FortiSOAR management extension is correct?
- A . It requires a FortiManager configured to manage FortiGate
- B . It requires a dedicated FortiSOAR device or VM.
- C . It does not include a limited trial by default.
- D . It runs as a docker container on FortiAnalyzer
Correct Answer: D
Question #53
For which two purposes would you use the command set log checksum? (Choose two.)
- A . To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
- B . To prevent log modification or tampering
- C . To encrypt log communications
- D . To send an identical set of logs to a second logging server
Correct Answer: A, B
Explanation:
To prevent logs from being tampered with while in storage, you can add a log checksum using the config system global command. You can configure FortiAnalyzer to record a log file hash value, timestamp, and authentication code when the log is rolled and archived, and when the log is uploaded (if that feature is enabled). This also helps against man-in-the-middle attacks, but only for the transmission from FortiAnalyzer to an SSH File Transfer Protocol (SFTP) server during log upload. It does not encrypt log communications (C), and it does not send a copy of the logs to a second logging server (D).
FortiAnalyzer_7.0_Study_Guide-Online page 149
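The point of recording an authentication code alongside the hash value is easy to miss: a plain hash catches accidental corruption, but anyone who can rewrite the archived log can also recompute and rewrite the stored hash. A keyed authentication code stops that, because producing a valid one requires a key the attacker does not hold. The script below is an added illustration of that distinction and is not Fortinet code; the record layout, the SHA-256/HMAC-SHA256 choice, the key handling and the sample log lines are all assumptions constructed for the example, not FortiAnalyzer's actual checksum format.

```python
"""
Added illustration (not Fortinet code): detecting tampering of an archived
log file with a recorded hash, timestamp and keyed authentication code.
The record layout, algorithms and key handling are assumptions for the
example, not FortiAnalyzer's own checksum format.
"""
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: the key lives somewhere the log store's writers cannot read it.
SECRET_KEY = b"example-key-kept-off-the-log-store"

# Constructed sample archive content (not captured from a real device).
SAMPLE_LOG = b"\n".join([
    b'date=2024-05-01 time=14:35:01 type=traffic subtype=forward action=accept srcip=10.0.0.5',
    b'date=2024-05-01 time=14:35:02 type=utm subtype=webfilter action=blocked url="http://bad.example/"',
    b'date=2024-05-01 time=14:35:03 type=traffic subtype=forward action=deny srcip=10.0.0.9',
]) + b"\n"


def make_checksum_record(data: bytes, key: bytes, ts: Optional[float] = None) -> dict:
    """Build the record stored beside the archive: digest, timestamp, and an
    HMAC over (digest || timestamp) so neither can be changed without the key."""
    digest = hashlib.sha256(data).hexdigest()
    ts = int(ts if ts is not None else time.time())
    msg = f"{digest}|{ts}".encode()
    auth = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"sha256": digest, "timestamp": ts, "auth": auth}


def verify_hash_only(data: bytes, record: dict) -> bool:
    """Plain-hash check: catches corruption, but passes if an attacker rewrote
    both the archive and the stored digest."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), record["sha256"])


def verify_authenticated(data: bytes, record: dict, key: bytes) -> bool:
    """Keyed check: a rewritten archive with a recomputed digest still fails,
    because the attacker cannot recompute 'auth' without the key."""
    if not verify_hash_only(data, record):
        return False
    msg = f"{record['sha256']}|{record['timestamp']}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["auth"])


def forge_hash_only(tampered: bytes, record: dict) -> dict:
    """What an attacker with write access but no key can do: swap the file
    and recompute the digest. The 'auth' field is left stale."""
    forged = dict(record)
    forged["sha256"] = hashlib.sha256(tampered).hexdigest()
    return forged


def demo() -> dict:
    """Run the honest and the tampered cases through both checks."""
    record = make_checksum_record(SAMPLE_LOG, SECRET_KEY, ts=1714574101)
    # Attacker rewrites a blocked web-filter event to look benign.
    tampered = SAMPLE_LOG.replace(b"action=blocked", b"action=passthrough")
    forged = forge_hash_only(tampered, record)
    return {
        "original_hash_ok": verify_hash_only(SAMPLE_LOG, record),
        "original_auth_ok": verify_authenticated(SAMPLE_LOG, record, SECRET_KEY),
        "tampered_hash_ok": verify_hash_only(tampered, record),   # stale digest: caught
        "forged_hash_ok": verify_hash_only(tampered, forged),     # recomputed digest: NOT caught
        "forged_auth_ok": verify_authenticated(tampered, forged, SECRET_KEY),  # HMAC: caught
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the gap: the hash-only check accepts the forged archive once the digest is recomputed, while the keyed check rejects it. The timestamp is folded into the HMAC input so the recorded archive time cannot be back-dated either. None of this protects the logs in transit; for the upload leg, the checksum only lets the SFTP side detect that what arrived differs from what FortiAnalyzer recorded.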
Question #54
View the exhibit.
What does the data point at 14:35 tell you?
- A . FortiAnalyzer is dropping logs.
- B . FortiAnalyzer is indexing logs faster than logs are being received.
- C . FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.
- D . The sqlplugind daemon is ahead in indexing by one log.
Correct Answer: B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/47690/insert-rate-vs-receive-rate-widget
Question #55
What is the purpose of employing RAID with FortiAnalyzer?
- A . To introduce redundancy to your log data
- B . To provide data separation between ADOMs
- C . To separate analytical and archive data
- D . To back up your logs
Correct Answer: A
Explanation:
https://en.wikipedia.org/wiki/RAID#:~:text=RAID%20(%22Redundant%20Array%20of%20Inexpensive,%2C%20performance%20improvement%2C%20or%20both.