Fortinet FCP_FAZ_AN-7.4 - FCP - FortiAnalyzer 7.4 Analyst Exam
Total 34 questions
Question #1 (Topic: Exam A)
Refer to the exhibit.

What can you conclude about the output?

A. The output is not ADOM specific.
B. There are more event logs than traffic logs.
C. The low indexing values require investigation.
D. The log rate being higher than the message rate is not normal.
Answer: A
Question #2 (Topic: Exam A)
Which two statements about exporting and importing playbooks are true? (Choose two.)
A. You can export only one playbook at a time.
B. A playbook that was disabled when it was exported will be disabled when it is imported.
C. You can import a playbook even if there is another one with the same name in the destination.
D. Playbooks can be imported to a different FortiAnalyzer device, but only if the connectors already exist.
Answer: AB
Question #3 (Topic: Exam A)
You are trying to configure a task in the playbook editor to run a report.
However, when you try to select the desired playbook, you do not see it listed.
What is the reason?
A. The report has no results and must be reconfigured.
B. You must create a trigger to run the report first.
C. The playbook is currently running and will be available after it is finished.
D. The report does not have auto-cache and extended log filtering enabled.
Answer: D
Question #4 (Topic: Exam A)
When managing incidents on FortiAnalyzer, what must an analyst be aware of?
A. The status of the incident is always linked to the status of the attached event.
B. Incidents must be acknowledged before they can be analyzed.
C. Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour.
D. You can manually attach generated reports to incidents.
Answer: D
Question #5 (Topic: Exam A)
Refer to the exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.
Which filter will achieve the desired result?

A. operation-login & dstip==10.1.1.210 & user!-admin
B. operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
C. operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin
D. operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin
Answer: D