Fortinet NSE 5 - FortiAnalyzer 7.2 Question and Answers

Last Update Sep 22, 2025
Total Questions : 137

Question 1

What must you consider when using log fetching? (Choose two.)

Options:

A.  

The fetch client can retrieve logs from devices that are not added to its local Device Manager

B.  

You can use filters to include only logs from a single device.

C.  

The fetching profile must include a user with the Super_User profile.

D.  

The archive logs retrieved from the server become archive logs in the client.

Question 2

A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked with finding out what activity that administrator performed on FortiAnalyzer.

What can you do on FortiAnalyzer to accomplish this?

Options:

A.  

Click FortiView and generate a report for that administrator.

B.  

Click Task Monitor and view the tasks performed by that administrator.

C.  

Click Log View and generate a report for that administrator.

D.  

View the tasks performed by the rogue administrator in Fabric View.

Question 3

FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days.

What is the most likely problem?

Options:

A.  

Quota enforcement is acting on analytical data before a report is complete

B.  

Logs are rolling before the report is run

C.  

CPU resources are too high

D.  

Disk utilization for archive logs is set for 15 days

Question 4

What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?

Options:

A.  

The log file is stored as a raw log and is available for analytic support.

B.  

The log file rolls over and is archived.

C.  

The log file is purged from the database.

D.  

The log file is overwritten.

Question 5

Which tabs do not appear when FortiAnalyzer is operating in Collector mode?

Options:

A.  

FortiView

B.  

Event Management

C.  

Device Manager

D.  

Reporting

Question 6

When working with FortiAnalyzer reports, what is the purpose of a dataset?

Options:

A.  

To provide the layout used for reports

B.  

To define the chart type to be used

C.  

To retrieve data from the database

D.  

To set the data included in templates

Question 7

An administrator has moved FortiGate A from the root ADOM to ADOM1.

Which two statements are true regarding logs? (Choose two.)

Options:

A.  

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

B.  

Archived logs will be moved to ADOM1 from the root ADOM automatically.

C.  

Logs will be presented in both ADOMs immediately after the move.

D.  

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the ADOM1 SQL database.

Question 8

Which SQL query is in the correct order to query the database in FortiAnalyzer?

Options:

A.  

SELECT devid FROM $log GROUP BY devid WHERE "user"='USER1'

B.  

SELECT devid WHERE "user"='USER1' FROM $log GROUP BY devid

C.  

SELECT devid FROM $log WHERE "user"='USER1' GROUP BY devid

D.  

FROM $log WHERE "user"='USER1' SELECT devid GROUP BY devid

Question 9

How does FortiAnalyzer retrieve specific log data from the database?

Options:

A.  

SQL FROM statement

B.  

SQL GET statement

C.  

SQL SELECT statement

D.  

SQL EXTRACT statement
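
To make the clause-order point behind Questions 8 and 9 concrete, here is an added example that is not from the exam or from Fortinet. It builds an in-memory SQLite table named tlog (an assumption, standing in for the $log macro that the FortiAnalyzer report engine expands to the ADOM's log table), loads a few constructed rows, runs the four candidate orderings from Question 8, and returns which ones the SQL parser accepts. devid and user are genuine FortiAnalyzer log fields; user is double-quoted because it is a reserved word in PostgreSQL, the database FortiAnalyzer runs on. The sample device IDs and user names are made up.

```python
import sqlite3

# Constructed sample rows standing in for FortiAnalyzer traffic logs.
# devid and user are real FortiAnalyzer log fields; the values are invented.
SAMPLE_LOGS = [
    ("FGT60F0001", "USER1"),
    ("FGT60F0001", "USER1"),
    ("FGT100F002", "USER1"),
    ("FGT100F002", "USER2"),
]

# The four clause orders from the question. "tlog" is an assumed table
# name used in place of FortiAnalyzer's $log macro. Only one of these is
# valid SQL: SELECT, then FROM, then WHERE, then GROUP BY.
CANDIDATES = {
    "A": 'SELECT devid FROM tlog GROUP BY devid WHERE "user"=\'USER1\'',
    "B": 'SELECT devid WHERE "user"=\'USER1\' FROM tlog GROUP BY devid',
    "C": 'SELECT devid FROM tlog WHERE "user"=\'USER1\' GROUP BY devid',
    "D": 'FROM tlog WHERE "user"=\'USER1\' SELECT devid GROUP BY devid',
}


def build_db():
    """Create an in-memory table with the constructed sample logs."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE tlog (devid TEXT, "user" TEXT)')
    conn.executemany("INSERT INTO tlog VALUES (?, ?)", SAMPLE_LOGS)
    return conn


def try_queries(conn):
    """Run every candidate; return {label: sorted devids} on success,
    or {label: 'error: ...'} when the parser rejects the clause order."""
    results = {}
    for label, sql in CANDIDATES.items():
        try:
            results[label] = sorted(row[0] for row in conn.execute(sql))
        except sqlite3.OperationalError as exc:
            results[label] = f"error: {exc}"
    return results


def valid_candidates():
    """Labels of the candidates the SQL parser accepted."""
    results = try_queries(build_db())
    return [label for label, value in results.items() if isinstance(value, list)]


if __name__ == "__main__":
    for label, value in try_queries(build_db()).items():
        print(label, value)
    print("accepted:", valid_candidates())
```

Only candidate C runs; it returns the distinct devids that logged activity for USER1 (both constructed devices here). A, B and D are rejected before any data is read, which is the same behaviour a FortiAnalyzer dataset with a mis-ordered query shows when you validate it in the report editor.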

Question 10

Logs are being deleted from one of your ADOMs earlier than the configured setting for archiving in your data policy. What is the most likely problem?

Options:

A.  

The total disk space is insufficient and you need to add other disk.

B.  

CPU resources are too high.

C.  

The ADOM disk quota is set too low based on log rates.

D.  

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Question 11

If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?

Options:

A.  

The configured IP address is checked first.

B.  

The active port number is checked first.

C.  

The firmware version is checked first.

D.  

The configured priority is checked first

Question 12

Which statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

Options:

A.  

All FortiGates can send logs to FortiAnalyzer using the store and upload option.

B.  

Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

C.  

Both secure communications methods (SSL and IPsec) allow the store and upload option.

D.  

Disk logging is enabled on the FortiGate through the CLI only.

E.  

Disk logging is enabled by default on the FortiGate.

Question 13

What is the purpose of using prefilters when configuring event handlers?

Options:

A.  

They limit which logs are checked for matches by the other filters.

B.  

They can filter the logs before they are processed by FortiAnalyzer

C.  

They download new filters to be used in event handlers.

D.  

They are common filters applied simultaneously to all event handlers.

Question 14

Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)

Options:

A.  

Virtual domains

B.  

Administrative access profiles

C.  

Trusted hosts

D.  

Security Fabric

Question 15

An administrator has configured the following settings:

config system fortiview settings

set resolve-ip enable

end

What is the significance of executing this command?

Options:

A.  

Use this command only if the source IP addresses are not resolved on FortiGate.

B.  

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

C.  

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on FortiAnalyzer.

D.  

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Question 16

Refer to the exhibit.

Which image corresponds to the packet capture shown in the exhibit?

[Exhibit and option images A to D are not reproduced on this page.]

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Question 17

View the exhibit.

Why is the total quota less than the total system storage?

Options:

A.  

3.6% of the system storage is already being used.

B.  

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

C.  

The oftpd process has not archived the logs yet

D.  

The logfiled process is just estimating the total quota

Question 18

You created a playbook on FortiAnalyzer that uses a FortiOS connector.

When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?

Options:

A.  

FortiAnalyzer Event Handler

B.  

Incoming webhook

C.  

FortiOS Event Log

D.  

Fabric Connector event

Question 19

Which statements are correct regarding FortiAnalyzer reports? (Choose two)

Options:

A.  

FortiAnalyzer provides the ability to create custom reports.

B.  

FortiAnalyzer allows you to schedule reports to run.

C.  

FortiAnalyzer includes pre-defined reports only.

D.  

FortiAnalyzer allows reporting for FortiGate devices only.

Question 20

You’ve moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?

Options:

A.  

FortiAnalyzer resets the disk quota of the new ADOM to default.

B.  

FortiAnalyzer migrates archive logs to the new ADOM.

C.  

FortiAnalyzer migrates analytics logs to the new ADOM.

D.  

FortiAnalyzer removes logs from the old ADOM.

Question 21

Refer to the exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.  

In Log View, this feature allows you to build a dataset and chart automatically, based on the filtered search results.

B.  

In Log View, this feature allows you to build a chart automatically, based on the top 100 log entries.

C.  

This feature allows you to build a chart under FortiView.

D.  

You can add charts to generated reports using this feature.

Question 22

If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the FortiAnalyzer back to functioning normally, without losing data?

Options:

A.  

Hot swap the disk

B.  

Replace the disk and rebuild the RAID manually

C.  

Take no action if the RAID level supports a failed disk

D.  

Shut down FortiAnalyzer and replace the disk

Question 23

Which item must you configure on FortiAnalyzer to email generated reports automatically?

Options:

A.  

Output profile

B.  

Report scheduling

C.  

SFTP server

D.  

SNMP server

Question 24

Which statements are true regarding disk log quota? (Choose two.)

Options:

A.  

The FortiAnalyzer stops logging once the disk log quota is met.

B.  

The FortiAnalyzer automatically sets the disk log quota based on the device.

C.  

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

D.  

The FortiAnalyzer disk log quota is configurable, but has a minimum of 100 MB and a maximum based on the reserved system space.

Question 25

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)

Options:

A.  

SSL is the default setting.

B.  

SSL communications are auto-negotiated between the two devices.

C.  

SSL can send logs in real-time only.

D.  

SSL encryption levels are globally set on FortiAnalyzer.

E.  

FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Question 26

Refer to the exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

Options:

A.  

FortiAnalyzer1 and FortiAnalyzer3

B.  

FortiAnalyzer1 and FortiAnalyzer2

C.  

All devices listed can be members

D.  

FortiAnalyzer2 and FortiAnalyzer3

Question 27

Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)

Options:

A.  

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

B.  

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

C.  

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

D.  

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

Question 28

Which statement about the FortiSIEM management extension is correct?

Options:

A.  

Allows you to manage the entire life cycle of a threat or breach.

B.  

Its use of the available disk space is capped at 50%.

C.  

It requires a licensed FortiSIEM supervisor.

D.  

It can be installed as a dedicated VM.

Question 29

If you upgrade the FortiAnalyzer firmware, which report element can be affected?

Options:

A.  

Custom datasets

B.  

Report scheduling

C.  

Report settings

D.  

Output profiles

Question 30

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

Options:

A.  

Both modes, forwarding and aggregation, support encryption of logs between devices.

B.  

In aggregation mode, you can forward logs to syslog and CEF servers as well.

C.  

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

D.  

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Question 31

Which two statements are true regarding fabric connectors? (Choose two.)

Options:

A.  

Configuring fabric connectors to send notifications to an ITSM platform upon incident creation is more efficient than a third party retrieving the information from the FortiAnalyzer API.

B.  

Fabric connectors allow you to save storage costs and improve redundancy.

C.  

The storage connector service does not require a separate license to send logs to a cloud platform.

D.  

Cloud-Out connections allow you to send real-time logs to public cloud accounts like Amazon S3, Azure Blob, and Google Cloud.

Question 32

What are two of the key features of FortiAnalyzer? (Choose two.)

Options:

A.  

Centralized log repository

B.  

Cloud-based management

C.  

Reports

D.  

Virtual domains (VDOMs)

Question 33

Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

Options:

A.  

ADOMs are enabled by default.

B.  

ADOMs constrain other administrators' access privileges to a subset of devices in the device list.

C.  

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

D.  

All administrators can create ADOMs--not just the admin administrator.

Question 34

What FortiGate process caches logs when FortiAnalyzer is not reachable?

Options:

A.  

logfiled

B.  

sqlplugind

C.  

oftpd

D.  

miglogd

Question 35

What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?

Options:

A.  

Hot swap the disk.

B.  

There is no need to do anything because the disk will self-recover.

C.  

Run execute format disk to format and restart the FortiAnalyzer device.

D.  

Shut down FortiAnalyzer and replace the disk

Question 36

You need to upgrade your FortiAnalyzer firmware.

What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?

Options:

A.  

FortiAnalyzer uses log fetching to retrieve the logs when back online

B.  

FortiGate uses the miglogd process to cache the logs

C.  

The logfiled process stores logs in offline mode

D.  

Logs are dropped

Question 37

Which two statements about log forwarding are true? (Choose two.)

Options:

A.  

Forwarded logs cannot be filtered to match specific criteria.

B.  

Logs are forwarded in real-time only.

C.  

The client retains a local copy of the logs after forwarding.

D.  

You can use aggregation mode only with another FortiAnalyzer.

Question 38

Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy.

What is the most likely problem?

Options:

A.  

CPU resources are too high

B.  

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

C.  

The total disk space is insufficient and you need to add other disk

D.  

The ADOM disk quota is set too low, based on log rates

Question 39

Which daemon is responsible for enforcing the log file size?

Options:

A.  

sqlplugind

B.  

logfiled

C.  

miglogd

D.  

oftpd

Question 40

You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed.

What is the recommended method to replace the disk?

Options:

A.  

Shut down FortiAnalyzer and then replace the disk

B.  

Downgrade your RAID level, replace the disk, and then upgrade your RAID level

C.  

Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

D.  

Perform a hot swap

Question 41

Which two statements are true regarding ADOM modes? (Choose two.)

Options:

A.  

You can only change ADOM modes through CLI.

B.  

In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible as new devices are added to the ADOM.

C.  

In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.

D.  

Normal mode is the default ADOM mode.
