Fortinet FCP_FAZ_AD-7.4 Exam Questions Instant Access

Question 1

What is the purpose of a predefined template on the FortiAnalyzer?

AIt can be edited and modified as required

BIt specifies the report layout which contains predefined texts, charts, and macros

CIt specifies report settings which contains time period, device selection, and schedule

DIt contains predefined data to generate mock reports

Answer : B

2300_Reports/0010_Predefined_reports.htm#:~:text=FortiAnalyzer%20includes%20a%20number%

20of,create%20and%2For%20build%20reports.&text=A%20template%20populates%20the%20Layout,that%

20is%20to%20be%20created.

https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-FAZ/2300_Reports/0010_Predefined_reports.htm

Question 2

Which log will generate an event with the status Contained?

AAn IPS log with action=pass.

BA WebFilter log with action=dropped.

CAn AV log with action=quarantine.

DAn AppControl log with action=blocked.

Answer : C

Question 3

Refer to the exhibit.

The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.

What can you conclude from the configuration displayed?

AThis FortiAnalyzer will join to the existing HA cluster as the primary.

BThis FortiAnalyzer is configured to receive logs in its port1.

CThis FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.

DAfter joining to the cluster, this FortiAnalyzer will keep an updated log database.

Answer : B

'If the preferred role is Primary, then this unit becomes the primary unit if it is configured first in a new HA cluster. If there is an existing primary unit, then this unit becomes a secondary unit.' (https://docs.fortinet.com/document/fortianalyzer/7.0.5/administration-guide/275104)

Question 4

For which two purposes would you use the command set log-checksum? (Choose two.)

ATo encrypt log communications and data

BTo prevent log modification or tampering

CTo send an identical set of logs to a second logging server

DTo protect log data from man-in-the-middle attacks

Answer : B, D

Question 5

Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?

AFROM

BLIMIT

CWHERE

DORDER BY

Answer : A

Question 6

FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for

analytics logs is 60 days.

What is the most likely problem?

AQuota enforcement is acting on analytical data before a report is complete

BLogs are rolling before the report is run

CCPU resources are too high

DDisk utilization for archive logs is set for 15 days

Answer : B

Question 7

After generating a report, you notice the information you were expecting to see is not included in it. What are two possible reasons for this scenario? (Choose two.)

AYou enabled auto-cache with extended log filtering.

BThe logfiled service has not indexed all the expected logs.

CThe logs were overwritten by the data retention policy.

DThe time frame selected in the report is wrong.

Answer : B, C

Fortinet FCP - FortiAnalyzer 7.4 Administrator FCP_FAZ_AD-7.4 Exam Questions