Fortinet FCP_FAZ_AD-7.4 Exam Practice Test Instant Access

Question 1

Which two statement are true regardless initial Logs sync and Log Data Sync for Ha on FortiAnalyzer?

ABy default, Log Data Sync is disabled on all backup devise.

BLog Data Sync provides real-time log synchronization to all backup devices.

CWith initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.

DWhen Logs Data Sync is turned on, the backup device will reboot and then rebuilt the log database with the synchronized logs.

Answer : B, C

Question 2

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

ABoth modes, forwarding and aggregation, support encryption of logs between devices.

BIn aggregation mode, you can forward logs to syslog and CEF servers as well.

CAggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

DForwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Answer : A, C

A) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 148: The log communication between devices can be protected by encryption, with the desired encryption level, using the commands shown on the slide. (You need to interpret this. 'Real time' and 'aggregation' is about the 'moment' when Fortigate sends the logs. However, no matter the moment, Fortigate will upload logs encrypted or unencrypted based on previous / differente config).

C) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: Aggregation: Logs and content files stored and uploaded at scheduled time.

Question 3

What is the purpose of the following CLI command?

ATo add a log file checksum

BTo add the MD's hash value and authentication code

CTo add a unique tag to each log to prove that it came from this FortiAnalyzer

DTo encrypt log communications

Answer : A

https://docs2.fortinet.com/document/fortianalyzer/6.0.3/cli-reference/849211/global

Question 4

FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for

analytics logs is 60 days.

What is the most likely problem?

AQuota enforcement is acting on analytical data before a report is complete

BLogs are rolling before the report is run

CCPU resources are too high

DDisk utilization for archive logs is set for 15 days

Answer : B

Question 5

Which process caches logs on FortiGate when FortiAnalyzer is not reachable?

Alogfiled

Bmiglogd

Csqlplugind

Doftpd

Answer : B

Question 6

What statements are true regarding disk log quota? (Choose two)

AThe FortiAnalyzer stops logging once the disk log quota is met.

BThe FortiAnalyzer automatically sets the disk log quota based on the device.

CThe FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

DThe FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Answer : C, D

Question 7

What is the purpose of employing RAID with FortiAnalyzer?

ATo introduce redundancy to your log data

BTo provide data separation between ADOMs

CTo separate analytical and archive data

DTo back up your logs

Answer : A

https://en.wikipedia.org/wiki/RAID#:~:text=RAID%20(%22Redundant%20Array%20of%20Inexpensive,%2C%20performance%20improvement%2C%20or%20both.

Fortinet FCP - FortiAnalyzer 7.4 Administrator FCP_FAZ_AD-7.4 Exam Practice Test