A.  

The total disk space is insufficient and you need to add other disk.

B.  

CPU resources are too high.

C.  

The ADOM disk quota is set too low based on log rates.

D.  

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

A.  

To upload logs to an SFTP server

B.  

To prevent log modification during backup

C.  

To send an identical set of logs to a second logging server

D.  

To encrypt log communication between devices

A.  

SFTP, FTP, or SCP server

B.  

Mail server

C.  

Output profile

D.  

Report scheduling

A.  

Log upload

B.  

Indicators of Compromise

C.  

Log forwarding an aggregation mode

D.  

Log fetching

A.  

Standalone

B.  

Manager

C.  

Analyzer

D.  

Collector

A.  

Notifications can be sent only when an incident is created or deleted.

B.  

You must configure an output profile to send notifications by email.

C.  

Each incident can send notifications to a single external platform.

D.  

Each connector used can have different notification settings.

A.  

Output profiles

B.  

Report settings

C.  

Report scheduling

D.  

Custom datasets

A.  

This password is used if the authentication server becomes unreachable.

B.  

This password authenticates FortiAnalyzer aqainst the LDAP server.

C.  

This password is set to comply with FortiAnalvzer password policy

D.  

This password is required because this is a restricted user.

A.  

FortiAnalyzer is using the device MAC addresses to differentiate their logs.

B.  

The logs belong to devices that are part of a high availability (HA) cluster.

C.  

FortiAnalyzer is receiving logs from the root FortiGate of a Security Fabric.

D.  

The device sending logs has two VDOMs in the same ADOM.

A.  

A pre-shared key needs to be established on both sides.

B.  

The management computer does not have connectivity to the authorization IP address and port combination.

C.  

The Security Fabric root is unauthorized and needs to be added as a trusted host.

D.  

The fabric authorization settings on FortiAnalyzer are misconfigured.

A.  

Use this command only if the source IP addresses are not resolved on FortiGate.

B.  

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

C.  

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

D.  

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

A.  

This command records the log file MD5 hash value.

B.  

This command records passwords in log files and encrypts them.

C.  

This command encrypts log transfer between FortiAnalyzer and other devices.

D.  

This command records the log file MD5 hash value and authentication code.

A.  

Report size will be optimized to conserve disk space on FortiAnalyzer.

B.  

Reports will be cached in the memory.

C.  

This feature is automatically enabled for scheduled reports.

D.  

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

A.  

An IPS log with action=pass.

B.  

A WebFilter log with action=dropped.

C.  

An AV log with action=quarantine.

D.  

An AppControl log with action=blocked.

A.  

Custom datasets

B.  

Report scheduling

C.  

Report settings

D.  

Output profiles

A.  

Click FortiView and generate a report for that administrator.

B.  

Click Task Monitor and view the tasks performed by that administrator.

C.  

Click Log View and generate a report for that administrator.

D.  

View the tasks performed by the rogue administrator in Fabric View.

A.  

sqlplugind

B.  

logfiled

C.  

miglogd

D.  

ofrpd

A.  

The size of newly generated reports is optimized to conserve disk space.

B.  

FortiAnalyzer local cache is used to store generated reports.

C.  

When new logs are received, the hard-cache data is updated automatically.

D.  

The generation time for reports is decreased.

A.  

Improve report completion time.

B.  

Conserve disk space on FortiAnalyzer by grouping multiple similar reports.

C.  

Reduce the number of hcache tables and improve auto-hcache completion time.

D.  

Provides a better summary of reports.

A.  

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

B.  

Archived logs will be moved to ADOM1 from the root ADOM automatically.

C.  

Logs will be presented in both ADOMs immediately after the move.

D.  

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

A.  

To encrypt log communications and data

B.  

To prevent log modification or tampering

C.  

To send an identical set of logs to a second logging server

D.  

To protect log data from man-in-the-middle attacks

A.  

operation-login & dstip==10.1.1.210 & user!-admin

B.  

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.  

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

D.  

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

A.  

To reset all settings from flash except the current IP addresses and routes.

B.  

To erase all device settings and images, databases, and log data from the disk, but preserve the IP and routing info.

C.  

To perform a low-level format of the disk overwriting the hard disk with random data.

D.  

To reset to factory default settings from flash.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.

B.  

Macros are supported only on the FortiGate ADOM.

C.  

Macros are useful in generating excel log files automatically based on the reports settings.

D.  

Macros are predefined templates for reports and cannot be customized.

A.  

The number of times in the logs where end users experienced slowness while accessing resources.

B.  

The amount of lag time that occurs when the administrator is rebuilding the ADOM database.

C.  

The amount of time that passes between the time a log was received and when it was indexed on FortiAnalyzer.

D.  

The amount of time FortiAnalyzer takes to receive logs from a registered device

A.  

Log correlation

B.  

Host name resolution

C.  

Log collection

D.  

Real-time forwarding

A.  

RADIUS

B.  

Local

C.  

LDAP

D.  

PKI

E.  

TACACS+

A.  

SELECT devid FROM Slog GROOP BY devid WHERE * user' =* USERl'

B.  

SELECT devid WHERE 'u3er'='USERl' FROM $ log GROUP BY devid

C.  

SELECT devid FROM Slog- WHERE *user' =' USERl' GROUP BY devid

D.  

FROM Slog WHERE 'user* =' USERl' SELECT devid GROUP BY devid

A.  

Both modes, forwarding and aggregation send logs as soon as they are received.

B.  

Aggregation mode requires two FortiAnalyzer devices.

C.  

Forwarding mode forwards logs to other FortiAnalyzer devices syslog servers, or CEF servers.

D.  

Forwarding mode requires configuration on the server side.

A.  

System information

B.  

Logs from registered devices

C.  

Report information

D.  

Database snapshot

A.  

It is a device whose registration has not yet been accepted in FortiAnalvzer.

B.  

It is a device that has not yet been assigned an ADOM.

C.  

It is a device that is waiting for you to configure a pre-shared key.

D.  

It is a device that FortiAnalvzer does not support.

A.  

The traffic destination is another FortiGate in the fabric.

B.  

The upstream FortiGate is configured to do NAT

C.  

Log redundancy is configured in the fabric.

D.  

The downstream device cannot connect to FortiAnalyzer.

A.  

FortiAnalyzer Event Handler

B.  

Incoming webhook

C.  

FortiOS Event Log

D.  

Fabric Connector event

A.  

logfiled

B.  

miglogd

C.  

sqlplugind

D.  

oftpd

A.  

Network analysis

B.  

Graphical reporting

C.  

Content archiving / data mining

D.  

Vulnerability assessment

E.  

Security log analysis / forensics

A.  

A configuration with four disks, each with 2 TB of capacity, provides a total space of 4 TB.B It combines mirroring striping and distributed parity to provide performance and fault tolerance

B.  

A configuration with four disks, each with 2 TB of capacity, provides a total space of 2 T

B.  

C.  

It uses striping to provide performance and fault tolerance.

A.  

Incidents dashboards

B.  

Threat hunting

C.  

FortiView Monitor

D.  

Outbreak alert services

A.  

Output profile

B.  

Report scheduling

C.  

SFTP server

D.  

SNMP server

A.  

Principal

B.  

Service provider

C.  

Identity collector

D.  

Identity provider

A.  

Logs that reached a specific size and were rolled over

B.  

Logs that can be used to create reports

C.  

Logs that can be viewed using Log Browse

D.  

Logs that are saved to disk, compressed, and available in FortiView

A.  

To store playbook execution statistics

B.  

To use the output of the previous task as the input of the current task

C.  

To display details of the connectors used by a playbook

D.  

To save all the task settings when a playbook is exported

A.  

Total quota

B.  

License type

C.  

RAID level

D.  

Disk size

A.  

The maximum disk utilization for each device in the ADOM

B.  

The maximum disk utilization for the FortiAnalyzer model

C.  

The maximum disk utilization for the ADOM type

D.  

The maximum disk utilization for all devices in the ADOM

A.  

License type

B.  

Disk size

C.  

Total quota

D.  

RAID level

A.  

Hot swap the disk

B.  

Replace the disk and rebuild the RAID manually

C.  

Take no action if the RAID level supports a failed disk

D.  

Shut down FortiAnalyzer and replace the disk

A.  

By default, Log Data Sync is disabled on all backup devise.

B.  

Log Data Sync provides real-time log synchronization to all backup devices.

C.  

With initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.

D.  

When Logs Data Sync is turned on, the backup device will reboot and then rebuilt the log database with the synchronized logs.

A.  

After joining the cluster, this FortiAnalyzer will forward received logs to its peers.

B.  

This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

C.  

This FortiAnalyzer is configured to route HA traffic through a gateway.

D.  

This FortiAnalyzer will join the existing HA cluster as the secondary.

A.  

It creates a wildcard administrator using LDAP and RADIUS servers.

B.  

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

C.  

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

D.  

It allows administrators to use two-factor authentication.

A.  

The performance of FortiAnalyzer is below the baseline.

B.  

FortiAnalyzer is using its cache to avoid dropping logs.

C.  

The log insert lag time is increasing.

D.  

The sqlplugind service is caught up with new logs.

A.  

The Fabric supervisor collects logs from the Fabric members.

B.  

Logging devices can register to the Fabric supervisor or to Fabric members.

C.  

Fabric members support HA.

D.  

Administrators can create new incidents from the Fabric supervisor.

A.  

An administrator with the default standard_User profile can create ADOMs.

B.  

Disk quotas can be defined per device inside the ADOM.

C.  

FortiAnalyzer creates default ADOMs when ADOMs are enabled.

D.  

The ADOM type you create must match the device type you are planning to add.

A.  

3.6% of the system storage is already being used.

B.  

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

C.  

The oftpd process has not archived the logs yet

D.  

The logfiled process is just estimating the total quota

A.  

The security risk was blocked or dropped.

B.  

The security event risk is considered open.

C.  

An incident was created from this event.

D.  

The risk source is isolated.