Page: 1
/ 4
Total 46 questions
Refer to the exhibit.
Which statement is correct regarding the event displayed?
- A. The security event risk is considered open.
- B. The security risk was blocked or dropped.
- C. The risk source is isolated.
- D. An incident was created from this event.
Answer : A
What is the purpose of predefined report templates on FortiAnalyzer?
- A. They can be customized to meet the needs of the intended audience.
- B. They can be created by saving reports as templates.
- C. They specify the layout used in reports.
- D. They include the data used in reports charts.
Answer : C
Refer to the exhibit.
What does the data point at 21:20 indicate?
- A. FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.
- B. FortiAnalyzer is dropping logs to catch up.
- C. The fortilogd daemon is ahead in indexing by one log.
- D. FortiAnalyzer is indexing logs faster than logs are being received.
Answer : D
What is the purpose of output variables?
- A. To store playbook execution statistics
- B. To save all the task settings when a playbook is exported
- C. To display details of the connectors used by a playbook
- D. To use the output of the previous task as the input of the current task
Answer : D
Which two methods can you use to send notifications when an event occurs that matches a configured event handier? (Choose two.)
- A. Send Alert through Fabric Connectors
- B. Send Alert through FortiSIEM MEA
- C. Send SNMP trap
- D. Send SMS notification
Answer : AC
Refer to the exhibit.
Which FortiAnalyzer tool can refer to the Cyber Kill Chain stages and allows you to identify which Fortinet products can protect you against new vulnerabilities?
- A. Threat hunting SIEM table
- B. Outbreak detection services
- C. FortiSOC dashboards
- D. FortiView Monitor top threats
Answer : A
Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)
- A. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
- B. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.
- C. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
- D. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
Answer : CD
Which SQL query is in the correct order to query the database in the FortiAnalyzer?
- A. FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid
- B. SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'
- C. SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid
- D. SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid
Answer : C
You are looking for a playbook that was exported by a junior administrator. You perform a search and find the files listed below.
Which file will perform an import operation?
- A. Exported_playbook.json
- B. Exported_playbook.csv
- C. Exported_playbook.txt
- D. Exported_playbook.sql
Answer : A
Which two statements about a FortiAnalyzer Fabric are true? (Choose two.)
- A. Fabric members must be in the same time zone as the supervisor.
- B. Fabric members and the supervisor support HA.
- C. All fabric members must run in collector mode except the supervisor.
- D. The supervisor can access the logs in the fabric members using an API.
Answer : AD
Which statement is true about sending notifications with incident updates?
- A. If you use multiple fabric connectors, all connectors must have the same notification settings.
- B. Notifications can be sent only by email.
- C. Notifications can be sent only when an incident is updated or deleted.
- D. You can send notifications to multiple external platforms.
Answer : D
Which statement describes archive logs on FortiAnalyzer?
- A. Logs compressed and saved in files with the .gz extension
- B. Logs a FortiAnalyzer administrator can access in FortiView
- C. Logs that are indexed and stored in the SQL database
- D. Logs previously collected from devices that are offline
Answer : A
Which statement correctly describes the management extensions available on FortiAnalyzer?
- A. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
- B. Management extensions may require a minimum number of CPU cores to run.
- C. Management extensions require a dedicated VM for best performance.
- D. Management extensions do not require additional licenses.
Answer : B
Refer to the exhibit.
The image shows the details of a playbook after it finished running.
What is the status of the playbook?
- A. Running
- B. Success
- C. Upstream_failed
- D. Failed
Answer : D
What are two advantages of grouping similar reports? (Choose two.)
- A. Reduces the number of hcache tables and improves auto-hcache completion time
- B. Conserves disk space on FortiAnalyzer by grouping multiple similar reports
- C. Improves report completion time
- D. Provides a better summary of reports
Answer : AC
30 days access 