FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for
analytics logs is 60 days.
What is the most likely problem?
Answer : B
If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the
FortiAnalyzer back to functioning normally, without losing data?
Answer : D
https://kb.fortinet.com/kb/documentLink.do?externalID=FD46446#:~:text=On%20FortiAnalyzer%2FFortiManager%20devices%20that,to%20exchanging%20the%20hard%20disk.
If a hard disk on a FortiAnalyzer unit fails, it must be replaced. On FortiAnalyzer devices that support hardware RAID, the hard disk can be replaced while the unit is still running -- known as hot swapping. On FortiAnalyzer units with software RAID, the device must be shutdown prior to exchanging the hard disk.
What statements are true regarding disk log quota? (Choose two)
Answer : C, D
What statements are true regarding FortiAnalyzer 's treatment of high availability (HA) dusters? (Choose two)
Answer : A, B
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)
Answer : A, D
In order to configure IOC, you require the following:
* A one-year subscription to IOC. Note that FortiAnalyzer does include an evaluation license, but it is restrictive and only meant to give you an idea of how the feature works.
* A web filter services subscription on FortiGate device(s)
* Web filter policies on FortiGate device(s) that send traffic to FortiAnalyzer
Compromised Hosts or Indicators of Compromise service (IOC) is a licensed feature.
To view Compromised Hosts, you must turn on the UTM web filter of FortiGate devices and subscribe your FortiAnalyzer unit to FortiGuard to keep its local threat database synchronized with the FortiGuard threat database. See Subscribing FortiAnalyzer to FortiGuard.
Ref : https://docs.fortinet.com/document/fortianalyzer/6.4.0/administration-guide/137635/viewing-compromised-hosts
Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)
Answer : B, C
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the
purpose of running the following CLI command?
execute sql-local rebuild-adom
Answer : D
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 128: Are the device analytics logs required for reports in the new ADOM? If so, rebuild the new ADOM database