Fortinet FCP_FAZ_AN-7.4 Exam Questions Instant Access

Question 1

An administrator on your team has configured multiple reports to run periodically. Management has an additional request that all new generated reports be sent to a company email inbox for accessibility. The mail server has already been configured on FortiAnalyzer.

Which item must configure on FortiAnalyzer so that emails are sent when the reports are generated?

AEnable the option to email all repots under the mail server.

BAdd a mailto:<email address> option within the report layouts.

CEnable email notification under the report calendar.

DEnable an output profile on the reports.

Answer : D

To ensure that reports generated by FortiAnalyzer are automatically sent to an email inbox, you need to set up an output profile for the reports. Output profiles specify where and how reports should be delivered, including the option to send them via email.

Option A - Enable the Option to Email All Reports Under the Mail Server:

The mail server configuration allows FortiAnalyzer to send emails but does not automatically enable email distribution for reports. This setting alone does not specify which reports to send or to whom.

Conclusion: Incorrect.

Option B - Add a mailto:<email address> Option Within the Report Layouts:

Adding an email address within the report layout is not a standard configuration option for report distribution. Report layouts define the format and content of the report but not its distribution method.

Conclusion: Incorrect.

Option C - Enable Email Notification Under the Report Calendar:

The report calendar is used to schedule when reports are generated. While it triggers report generation at specific times, it does not handle email distribution. Emailing reports requires a configured output profile.

Conclusion: Incorrect.

Option D - Enable an Output Profile on the Reports:

An output profile can be configured on FortiAnalyzer to define delivery options, including emailing the report to specified recipients. This setup ensures that every time a report is generated according to the schedule, it is automatically emailed to the configured address.

Conclusion: Correct.

Conclusion:

Correct Answe r : D. Enable an output profile on the reports.

Configuring an output profile is the correct way to set up automatic email distribution of generated reports in FortiAnalyzer.

FortiAnalyzer 7.4.1 documentation on configuring output profiles and report distribution settings.

Question 2

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?

AFortiAnalyzer flags the associated host for further analysis.

BA new infected entry is added for the corresponding endpoint under Compromised Hosts.

CThe detection engine classifies those logs as Suspicious.

DThe endpoint is marked as Compromised and, optionally, can be put in quarantine.

Answer : B

Question 3

Which statement about SQL SELECT queries is true?

AThey can be used to purge log entries from the database.

BThey must be followed immediately by a WHERE clause.

CThey can be used to display the database schema.

DThey are not used in macros.

Answer : D

Option A - Purging Log Entries:

A SELECT query in SQL is used to retrieve data from a database and does not have the capability to delete or purge log entries. Purging logs typically requires a DELETE or TRUNCATE command.

Conclusion: Incorrect.

Option B - WHERE Clause Requirement:

In SQL, a SELECT query does not require a WHERE clause. The WHERE clause is optional and is used only when filtering results. A SELECT query can be executed without it, meaning this statement is false.

Conclusion: Incorrect.

Option C - Displaying Database Schema:

A SELECT query retrieves data from specified tables, but it is not used to display the structure or schema of the database. Commands like DESCRIBE, SHOW TABLES, or SHOW COLUMNS are typically used to view schema information.

Conclusion: Incorrect.

Option D - Usage in Macros:

FortiAnalyzer and similar systems often use macros for automated functions or specific query-based tasks. SELECT queries are typically not included in macros because macros focus on procedural or repetitive actions, rather than simple data retrieval.

Conclusion: Correct.

Conclusion:

Correct Answe r : D. They are not used in macros.

This aligns with typical SQL usage and the specific functionalities of FortiAnalyzer.

FortiAnalyzer 7.4.1 documentation on SQL queries, database operations, and macro usage.

Question 4

Which statement about automation connectors in FortiAnalyzer is true?

AAn ADOM with the Fabric type comes with multiple connectors configured.

BThe local connector becomes available after you configured any external connector.

CThe local connector becomes available after you connectors are displayed.

DThe actions available with FortiOS connectors are determined by automation rules configured on FortiGate.

Answer : D

Question 5

Which two statements about local logs on FortiAnalyzer are true? (Choose two.)

AThey are not supported in FortiView.

BYou can view playbook logs for all ADOMs in the root ADOM.

CEvent logs show system-wide information, whereas application logs are ADOM specific.

DEvent logs are available only in the root ADOM.

Answer : B, C

FortiAnalyzer manages and stores various types of logs, including local logs, across different ADOMs (Administrative Domains). Each type of log serves specific purposes, with some logs being ADOM-specific and others providing system-wide information.

Option A - Local Logs Not Supported in FortiView:

Local logs are indeed supported in FortiView. FortiView provides visibility and analytics for different log types across the system, including local logs, allowing users to view and analyze data efficiently.

Conclusion: Incorrect.

Option B - Playbook Logs for All ADOMs in the Root ADOM:

FortiAnalyzer allows centralized viewing of playbook logs across all ADOMs from the root ADOM. This feature provides an overarching view of playbook executions, facilitating easier monitoring and management for administrators.

Conclusion: Correct.

Option C - Event Logs vs. Application Logs:

Event Logs provide information about system-wide events, such as login attempts, configuration changes, and other critical activities that impact the overall system. These logs apply across the FortiAnalyzer instance.

Application Logs are more specific to individual ADOMs, capturing details that pertain to ADOM-specific applications and configurations.

Conclusion: Correct.

Option D - Event Logs Only in Root ADOM:

Event logs are available across different ADOMs, not exclusively in the root ADOM. They capture system-wide events, but they can be accessed within specific ADOM contexts as needed.

Conclusion: Incorrect.

Conclusion:

Correct Answe r : B. You can view playbook logs for all ADOMs in the root ADOM and C. Event logs show system-wide information, whereas application logs are ADOM specific.

These answers correctly describe the characteristics and visibility of local logs within FortiAnalyzer.

FortiAnalyzer 7.4.1 documentation on log types, ADOM configuration, and FortiView functionality.

Question 6

Why must you wait for several minutes before you run a playbook that you just created?

AFortiAnalyzer needs that time to parse the new playbook.

BFortiAnalyzer needs that time to debug the new playbook.

CFortiAnalyzer needs that time to back up the current playbooks.

DFortiAnalyzer needs that time to ensure there are no other playbooks running.

Answer : A

When a new playbook is created on FortiAnalyzer, the system requires some time to parse and validate the playbook before it can be executed. Parsing involves checking the playbook's structure, ensuring that all syntax and logic are correct, and preparing the playbook for execution within FortiAnalyzer's automation engine. This initial parsing step is necessary for FortiAnalyzer to load the playbook into its operational environment correctly.

Here's why the other options are incorrect:

Option A: FortiAnalyzer needs that time to parse the new playbook

This is correct. The delay is due to the parsing and setup process required to prepare the new playbook for execution. FortiAnalyzer's automation engine checks for any issues or dependencies within the playbook, ensuring that it can run without errors.

Option B: FortiAnalyzer needs that time to debug the new playbook

This is incorrect. Debugging is not an automatic process that FortiAnalyzer undertakes after playbook creation. Debugging, if necessary, is a manual task performed by the administrator if there are issues with the playbook execution.

Option C: FortiAnalyzer needs that time to back up the current playbooks

This is incorrect. FortiAnalyzer does not automatically back up playbooks every time a new one is created. Backups of configuration and playbooks are typically scheduled as part of routine maintenance and are not triggered by playbook creation.

Option D: FortiAnalyzer needs that time to ensure there are no other playbooks running

This is incorrect. FortiAnalyzer can manage multiple playbooks running simultaneously, so it does not require waiting for other playbooks to finish before initiating a new one. The waiting time specifically relates to the parsing process of the newly created playbook.

Question 7

You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been uncuccessful.

Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

AOpen .gz log files in FortiView.

BRebuild the SQL database and check FortiView.

CReview the ADOM data policy

DCheck logs in the Log Browse

Answer : A, B

Fortinet FCP - FortiAnalyzer 7.4 Analyst FCP_FAZ_AN-7.4 Exam Questions