Practice Free FCP_FAZ_AN-7.4 Exam Online Questions
Consider the CLI command:
What is the purpose of the command?
- A . To add a unique tag to each log to prove that it came from this FortiAnalyzer
- B . To add a log file checksum
- C . To encrypt log communications
- D . To add the MD5 hash value and authentication code
What statements are true regarding disk log quota? (Choose two.)
- A . The FortiAnalyzer stops logging once the disk log quota is met.
- B . The FortiAnalyzer automatically sets the disk log quota based on the device.
- C . The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.
- D . The FortiAnalyzer disk log quota is configurable, but has a minimum of 100 MB and a maximum based on the reserved system space.
A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails.
What will be the status of the playbook after it is run?
- A . Running
- B . Failed
- C . Upstream_failed
- D . Success
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
- A . To properly correlate logs
- B . To use real-time forwarding
- C . To resolve host names
- D . To improve DNS response times
What is Log Insert Lag Time on FortiAnalyzer?
- A . The number of times in the logs where end users experienced slowness while accessing resources.
- B . The amount of lag time that occurs when the administrator is rebuilding the ADOM database.
- C . The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.
- D . The amount of time FortiAnalyzer takes to receive logs from a registered device.
Which two statements are true regarding ADOM modes? (Choose two.)
- A . You can only change ADOM modes through the CLI.
- B . In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.
- C . In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
- D . Normal mode is the default ADOM mode.
What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?
- A . The endpoint is marked as Compromised and, optionally, can be put in quarantine.
- B . FortiAnalyzer flags the associated host for further analysis.
- C . A new Infected entry is added for the corresponding endpoint.
- D . The detection engine classifies those logs as Suspicious.
An administrator has configured the following settings:
config system fortiview settings
set resolve-ip enable
end
What is the significance of executing this command?
- A . Use this command only if the source IP addresses are not resolved on FortiGate.
- B . It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
- C . You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.
- D . It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.
What are analytics logs on FortiAnalyzer?
- A . Log type Traffic logs.
- B . Logs that roll over when the log file reaches a specific size.
- C . Logs that are indexed and stored in the SQL.
- D . Raw logs that are compressed and saved to a log file.
In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)
- A . Remote logging must be enabled on FortiGate
- B . FortiGate must be registered with FortiAnalyzer
- C . Log encryption must be enabled
- D . ADOMs must be enabled