A.  

An account that permits access to members of an LDAP group

B.  

An account that allows guest access with read-only privileges

C.  

An account that requires two-factor authentication

D.  

An account that validates against any user account on a FortiAuthenticator

A.  

Forwarded logs cannot be filtered to match specific criteria.

B.  

Logs are forwarded in real-time only.

C.  

The client retains a local copy of the logs after forwarding.

D.  

You can use aggregation mode only with another FortiAnalyzer.

A.  

Compressed logs, which are also known as archive logs, are considered to be offline logs.

B.  

When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

C.  

Logs that are indexed and stored in the SQL database.

D.  

Logs that are collected from offline devices after they boot up.

A.  

Fortinet is assigned the Standard_ User administrator profile.

B.  

A trusted host is configured.

C.  

ADOM mode is configured with Advanced mode.

D.  

Fortinet is assigned the Restricted_ User administrator profile.

A.  

FortiView

B.  

Event Management

C.  

Device Manger

D.  

Reporting

A.  

Mail server

B.  

Output profile

C.  

SFTP server

D.  

Report scheduling

A.  

To upload logs to an SFTP server

B.  

To prevent log modification during backup

C.  

To send an identical set of logs to a second logging server

D.  

To encrypt log communication between devices

A.  

To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server

B.  

To prevent log modification or tampering

C.  

To encrypt log communications

D.  

To send an identical set of logs to a second logging server

A.  

All FortiGates can send logs to FortiAnalyzer using the store and upload option.

B.  

Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

C.  

Both secure communications methods (SSL and IPsec) allow the store and upload option.

D.  

Disk logging is enabled on the FortiGate through the CLI only.

E.  

Disk logging is enabled by default on the FortiGate.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

To properly correlate logs

B.  

To use real-time forwarding

C.  

To resolve host names

D.  

To improve DNS response times

A.  

CPU resources are too high

B.  

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

C.  

The total disk space is insufficient and you need to add other disk

D.  

The ADOM disk quota is set too low, based on log rates

A.  

RADIUS

B.  

Local

C.  

LDAP

D.  

PKI

E.  

TACACS+

A.  

FortiAnalyzer needs that time to parse the new playbook.

B.  

FortiAnalyzer needs that time to back up the current playbooks.

C.  

FortiAnalyzer needs that time to ensure there are no other playbooks running.

D.  

FortiAnalyzer needs that time to debug the new playbook.

A.  

It sorts log data into tables

B.  

It extracts the database schema

C.  

It retrieves log data from the database

D.  

It injects log data into the database

A.  

The endpoint is marked as Compromised and. optionally, can be put in quarantine.

B.  

FortiAnalyzer flags the associated host for further analysis.

C.  

A new Infected entry is added for the corresponding endpoint.

D.  

The detection engine classifies those logs as Suspicious

A.  

Hot swap the disk.

B.  

There is no need to do anything because the disk will self-recover.

C.  

Run execute format disk to format and restart the FortiAnalyzer device.

D.  

Shut down FortiAnalyzer and replace the disk

A.  

Set the ADOM mode toAdvanced

B.  

Assign the ADOMs to the administrator’s account

C.  

Configure trusted hosts

D.  

Assign the defaultSuper_Useradministrator profile

A.  

Notifications can be sent only when an incident is created or deleted.

B.  

You must configure an output profile to send notifications by email.

C.  

Each incident can send notifications to a single external platform.

D.  

Each connector used can have different notification settings.

A.  

SMS

B.  

Email

C.  

SNMP

D.  

IM

A.  

FortiAnalyzer overwrites the log files.

B.  

FortiAnalyzer stops logging.

C.  

FortiAnalyzer rolls the active log by renaming the file.

D.  

FortiAnalyzer forwards logs to syslog.

A.  

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

B.  

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

C.  

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

D.  

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

A.  

Configure local DNS servers on FortiAnalyzer

B.  

Resolve IPs on FortiGate

C.  

Configure # set resolve-ip enable in the system FortiView settings

D.  

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

A.  

Principal

B.  

Service provider

C.  

Identity collector

D.  

Identity provider

A.  

Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.

B.  

Make sure all endpoints are reachable by FortiAnalyzer.

C.  

Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.

D.  

Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

A.  

FROM

B.  

LIMIT

C.  

WHERE

D.  

ORDER BY

A.  

The FortiAnalyzer stops logging once the disk log quota is met.

B.  

The FortiAnalyzer automatically sets the disk log quota based on the device.

C.  

The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

D.  

The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

A.  

To reduce report generation time

B.  

To automatically update the hcache when new logs arrive

C.  

To reduce the log insert lag rate

D.  

To provide diagnostics on report generation time

A.  

SELECT devid FROM Slog GROOP BY devid WHERE * user' =* USERl'

B.  

SELECT devid WHERE 'u3er'='USERl' FROM $ log GROUP BY devid

C.  

SELECT devid FROM Slog- WHERE *user' =' USERl' GROUP BY devid

D.  

FROM Slog WHERE 'user* =' USERl' SELECT devid GROUP BY devid

A.  

Logs that reached a specific size and were rolled over

B.  

Logs that can be used to create reports

C.  

Logs that can be viewed using Log Browse

D.  

Logs that are saved to disk, compressed, and available in FortiView

A.  

To store playbook execution statistics

B.  

To use the output of the previous task as the input of the current task

C.  

To display details of the connectors used by a playbook

D.  

To save all the task settings when a playbook is exported

A.  

To provide the layout used for reports

B.  

To define the chart type to be used

C.  

To retrieve data from the database

D.  

To set the data included in templates

A.  

logfiled

B.  

sqlplugind

C.  

oftpd

D.  

miglogd

A.  

Success

B.  

Failed

C.  

Running

D.  

Upstream_failed

A.  

It creates a wildcard administrator using LDAP and RADIUS servers.

B.  

Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.

C.  

Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.

D.  

It allows administrators to use two-factor authentication.

A.  

Incidents dashboards

B.  

Threat hunting

C.  

FortiView Monitor

D.  

Outbreak alert services

A.  

The configured IP address is checked first.

B.  

The active port number is checked first.

C.  

The firmware version is checked first.

D.  

The configured priority is checked first

A.  

The received rate is almost at its maximum for this device

B.  

The sqlplugind daemon is behind in log indexing by two logs

C.  

Logs are being dropped

D.  

Raw logs are reaching FortiAnalyzer faster than they can be indexed

A.  

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

B.  

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

C.  

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

D.  

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

A.  

Output profiles

B.  

Report settings

C.  

Report scheduling

D.  

Custom datasets

A.  

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

B.  

You do not need an additional license to send logs to the cloud platform.

C.  

Fabric connectors allow you to improve redundancy.

D.  

Using fabric connectors is more efficient than using third-party polling with API.