
ExamsBrite Dumps

FCP - FortiAnalyzer 7.4 Analyst Question and Answers


Last Update Sep 27, 2025
Total Questions : 56

Questions 1

Exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.  

To build a chart automatically based on the top 100 log entries

B.  

To add charts directly to generate reports in the current ADOM.

C.  

To add a new chart under FortiView to be used in new reports

D.  

To build a dataset and chart based on the filtered search results

Questions 2

Which statement about the FortiSIEM management extension is correct?

Options:

A.  

It allows you to manage the entire life cycle of a threat or breach.

B.  

It can be installed as a dedicated VM.

C.  

Its use of the available disk space is capped at 50%.

D.  

It requires a licensed FortiSIEM supervisor.

Questions 3

Which statement about the FortiSOAR management extension is correct?

Options:

A.  

It requires a FortiManager configured to manage FortiGate.

B.  

It runs as a docker container on FortiAnalyzer.

C.  

It requires a dedicated FortiSOAR device or VM.

D.  

It does not include a limited trial by default.

Questions 4

After you generated a report, you notice the information you were expecting to see is not included in it. However, you confirm that the logs are there:

Which two actions should you perform? (Choose two.)

Options:

A.  

Check the time frame covered by the report.

B.  

Disable auto-cache.

C.  

Increase the report utilization quota.

D.  

Test the dataset.

Questions 5

Which statement correctly describes one difference between templates and reports?

Options:

A.  

Reports provide more configuration options than templates.

B.  

Templates can be cloned, but reports cannot be cloned.

C.  

Reports support macros, but templates do not.

D.  

Templates are mapped to device groups, while reports are mapped to ADOMs.

Questions 6

Exhibit.

A FortiAnalyzer analyst is customizing a SQL query to use in a report.

Which SQL query should the analyst run to get the expected results?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Questions 7

As part of your analysis, you discover that a Medium severity level incident is fully remediated.

You change the incident status to Closed:Remediated.

Which statement about your update is true?

Options:

A.  

The incident can no longer be deleted.

B.  

The corresponding event will be marked as Mitigated.

C.  

The incident dashboard will be updated.

D.  

The incident severity will be lowered.

Questions 8

Refer to the exhibit.

What can you conclude about the output?

Options:

A.  

The low indexing values require investigation.

B.  

The output is not ADOM specific.

C.  

There are more event logs than traffic logs.

D.  

The log rate higher than the message rate is not normal.

Questions 9

Which SQL query is in the correct order to query the database in FortiAnalyzer?

Options:

A.  

SELECT devid FROM $log GROUP BY devid WHERE ‘user’,,’ users1’

B.  

SELECT FROM $log WHERE devid ‘user’,, USER1’ GROUP BY devid

C.  

SELCT devid WHERE ’user’-‘ USER1’ FROM $log GROUP By devid

D.  

SELECT devid FROM $log WHERE ‘user’=’ GROUP BY devid

Questions 10

Which two statements about exporting and importing playbooks are true? (Choose two.)

Options:

A.  

A playbook that was disabled when it was exported will be disabled when it is imported.

B.  

Playbooks can be imported to a different FortiAnalyzer device, but only if the connectors already exist.

C.  

You can import a playbook even if there is another one with the same name in the destination.

D.  

You can export only one playbook at a time.

Questions 11

Exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.

Which filter will achieve the desired result?

Options:

A.  

Operation-login and performed_on==’’GUI(10.1.1.100)’ and user!=admin

B.  

Operation-login and performed_on==’’GU (10.1.1.120)’ and user!=admin

C.  

Operation-login and srcip== 10.1.1.100 and dstip==10.1.1.1.210 and user==admin

D.  

Operation-login and dstip==10.1.1.210 and user!-admin

Questions 12

Which two statements about playbook execution are true? (Choose two.)

Options:

A.  

FortiAnalyzer will not commit changes made by a Failed playbook.

B.  

The Playbook Monitor provides troubleshooting logs.

C.  

You can run the default debugging playbook to investigate playbook errors.

D.  

Even if the playbook status is Failed, individual tasks may have succeeded.

Questions 13

You find that, as part of your role as an analyst, you frequently search Log View using the same parameters.

Instead of defining your search filters repeatedly, what can you do to save time?

Options:

A.  

Configure a custom dashboard.

B.  

Configure a custom view.

C.  

Configure a data selector.

D.  

Configure a macro and apply it to device groups.

Questions 14

What is the purpose of using data selectors when configuring event handlers?

Options:

A.  

They filter the types of logs that FortiAnalyzer can accept from registered devices.

B.  

They download new filters that can be used in event handlers.

C.  

They apply their filter criteria to the entire event handler so that you don’t have to configure the same criteria in the individual rules.

D.  

They are common filters that can be applied simultaneously to all event handlers.

Questions 15

Which two statements regarding the outbreak detection service are true? (Choose two.)

Options:

A.  

An additional license is required.

B.  

It automatically downloads new event handlers and reports.

C.  

Outbreak alerts are available on the root ADOM only.

D.  

New alerts are received by email.

Questions 16

Exhibit.

What can you conclude about these search results? (Choose two.)

Options:

A.  

They can be downloaded to a file.

B.  

They are sortable by columns and customizable.

C.  

They are not available for analysis in FortiView.

D.  

They were searched by using text mode.
