New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet FCP_FAZ_AN-7.4 Dumps Questions Answers

FCP - FortiAnalyzer 7.4 Analyst Questions and Answers

Question 1

Exhibit.

What is the analyst trying to create?

Options:

A.

The analyst is trying to create a trigger variable to the used in the playbook.

B.

The analyst is trying to create an output variable to be used in the playbook.

C.

The analyst is trying to create a report in the playbook.

D.

The analyst is trying to create a SOC report in the playbook.

Buy Now
Question 2

Exhibit.

What is the purpose of using the Chart Builder feature On FortiAnalyzer?

Options:

A.

To build a chart automatically based on the top 100 log entries

B.

To add charts directly to generate reports in the current ADOM.

C.

To add a new chart under FortiView to be used in new reports

D.

To build a dataset and chart based on the filtered search results

Question 3

Exhibit.

Based on the partial outputs displayed, which devices can be members of a FotiAnalyzer Fabric?

Options:

A.

FortiAnalayzer1 and FortiAnalyzer3

B.

FortiAnalyzer1 and FortiAnalyzer2

C.

FortiAnalyzer2 and FortiAnalyzer3

D.

All devices listed can be members.

Question 4

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

Options:

A.

FortiView Monitor

B.

Outbreak alert services

C.

Incidents dashboard

D.

Threat hunting

Question 5

When managing incidents on FortiAnlyzer, what must an analyst be aware of?

Options:

A.

You can manually attach generated reports to incidents.

B.

The status of the incident is always linked to the status of the attach event.

C.

Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour.

D.

Incidents must be acknowledged before they can be analyzed.

Question 6

Refer to the exhibit.

What can you conclude about the output?

Options:

A.

The low indexing values require investigation.

B.

The output is not ADOM specific.

C.

There are more event logs than traffic logs.

D.

The log rate higher than the message rate is not normal.

Question 7

Which statement regarding macros on FortiAnalyzer is true?

Options:

A.

Macros are predefined templates for reports and cannot be customized.

B.

Macros are useful in generating excel log files automatically based on the report settings.

C.

Macros are ADOM-specific and each ADOM type have unique macros relevant to that ADOM.

D.

Macros are supported only on the FortiGate ADOMs.

Question 8

Which log will generate an event with the status Unhandled?

Options:

A.

An AV log with action=quarantine.

B.

An IPS log with action=pass.

C.

A WebFilter log will action=dropped.

D.

An AppControl log with action=blocked.

Question 9

Which statement about sending notifications with incident updates is true?

Options:

A.

Each connector used can have different notification settings

B.

Each incident can send notification to a single external platform.

C.

You must configure an output profile to send notifications by email.

D.

Notifications can be sent only when an incident is created oi deleted.

Question 10

Which two methods can you use to send notifications when an event occurs that matches a configured event handler? (Choose two.)

Options:

A.

Send Alert through Fabric Connectors

B.

Send SNMP trap

C.

Send SMS notification

D.

Send Alert through FortiSIEM MEA

Question 11

Which two statements about local logs on FortiAnalyzer are true? (Choose two.)

Options:

A.

They are not supported in FortiView.

B.

You can view playbook logs for all ADOMs in the root ADOM.

C.

Event logs show system-wide information, whereas application logs are ADOM specific.

D.

Event logs are available only in the root ADOM.

Question 12

Which statement about the FortiSIEM management extension is correct?

Options:

A.

It allows you to manage the entire life cycle of a threat or breach.

B.

It can be installed as a dedicated VM.

C.

Its use of the available disk space is capped at 50%.

D.

It requires a licensed FortiSIEM supervisor.

Question 13

Which statement about SQL SELECT queries is true?

Options:

A.

They can be used to purge log entries from the database.

B.

They must be followed immediately by a WHERE clause.

C.

They can be used to display the database schema.

D.

They are not used in macros.

Question 14

Which two statements about exporting and importing playbacks are true? (Choose two.)

Options:

A.

A playbook that was disabled when it was exported mil be disabled when it is imported.

B.

Playbooks can so imported 10 a different FortiAnayzer device, but only if the connectors already exist

C.

You can import a playbook even if there is another one win the same name in the destination

D.

You can export only one playbook at a time.

Question 15

What is the purpose of running the command diagnose sql status sqlreportd?

Options:

A.

To view a list of scheduled reports

B.

To list the current SQL processes running

C.

To display the SQL query connections and hcache status

D.

To identify the database log insertion status

Question 16

Which statement describes archive logs on FortiAnalyzer?

Options:

A.

Logs that are indexed and stored in the SQL database

B.

Logs a FortiAnalyzer administrator can access in FortiView

C.

Logs compressed and saved in files with the .gz extension

D.

Logs previously collected from devices that are offline