A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked with determining what activity that rogue administrator performed on FortiAnalyzer.
What can you do on FortiAnalyzer to accomplish this?
Answer : C
Reference: https://docs.fortinet.com/document/fortinac/9.1.0/administration-guide/841611/profiles-for-device-managers
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
Answer : BD
Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/cookbook/63238/what-is-the-difference-between-log-forward-and-log-aggregation-modes
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command? execute sql-local rebuild-adom <new-ADOM-name>
Answer : D
Reference: https://docs.fortinet.com/document/fortimanager/7.0.3/administration-guide/667061/creating-adoms
Which statement is true regarding Macros on FortiAnalyzer?
Answer : D
Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMG-FAZ/2300_Reports/1200_Macro_library/0200_Create_Macros.htm
What is the purpose of output variables?
Answer : D
Reference: https://network-insight.net/2022/07/25/ansible-variables-ansible-automation/
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)
Answer : AC
Reference: https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/788897/configuring-the-root-fortigate-and-downstream-fortigates
A playbook contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed.
What will be the status of the playbook after its execution?
Answer : B
Reference: https://docs.ansible.com/ansible/latest/user_guide/playbooks_error_handling.html
Refer to the exhibit.
Which image corresponds to the packet capture shown in the exhibit?
Answer : B
Refer to the exhibit.
Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
Answer : AD
Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-FAZ/2300_Reports/0025_Auto-cache.htm
You created a playbook on FortiAnalyzer that uses a FortiOS connector.
When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?
Answer : C
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/126663/creating-automation-stitches
Refer to the exhibits.
How many events will be added to the incident created after running this playbook?
Answer : D
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
Answer : AC
Reference: https://community.fortinet.com/t5/FortiSIEM/Technical-Note-How-to-change-a-polling-interval/ta-p/191722?docType=4&externalId=FD39420&sliceId=1
If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?
Answer : D
Reference: https://community.fortinet.com/t5/FortiExtender/FortiExtender-Basic-Commands-configuration-verification-or-setup/ta-p/195762?externalId=FD36098
Refer to the exhibit.
The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.
What can you conclude from the configuration displayed?
Answer : D
Reference: https://docs.fortinet.com/document/fortianalyzer/6.2.0/cookbook/266391/setting-up-a-fortianalyzer-ha-cluster
For which two purposes would you use the command set log checksum? (Choose two.)
Answer : AD
Reference: https://docs.fortinet.com/document/fortianalyzer/7.2.0/administration-guide/410387/appendix-b-log-integrity-and-secure-log-transfer