NEW QUESTION 1
FortiAnalyzer centralizes which functions? (Choose three)

• A. Network analysis
• B. Graphical reporting
• C. Content archiving / data mining
• D. Vulnerability assessment
• E. Security log analysis / forensics

Answer: BCE

NEW QUESTION 2
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?

• A. The log file is stored as a raw log and is available for analytic support.
• B. The log file rolls over and is archived.
• C. The log file is purged from the database.
• D. The log file is overwritten.

Answer: B

NEW QUESTION 3
What purposes does the auto-cache setting on reports serve? (Choose two.)

• A. To reduce report generation time
• B. To automatically update the hcache when new logs arrive
• C. To reduce the log insert lag rate
• D. To provide diagnostics on report generation time

Answer: AB

NEW QUESTION 4
How does FortiAnalyzer retrieve specific log data from the database?

• A. SQL FROM statement
• B. SQL GET statement
• C. SQL SELECT statement
• D. SQL EXTRACT statement

Answer: C

NEW QUESTION 5
What are two of the key features of FortiAnalyzer? (Choose two.)

• A. Centralized log repository
• B. Cloud-based management
• C. Reports
• D. Virtual domains (VDOMs)

Answer: AC

NEW QUESTION 6
What is the recommended method of expanding disk space on a FortiAnalyzer VM?

• A. From the VM host manager, add an additional virtual disk and use the #execute lvm extend <disk number> command to expand the storage
• B. From the VM host manager, expand the size of the existing virtual disk
• C. From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk
• D. From the VM host manager, add an additional virtual disk and rebuild your RAID array

Answer: A

NEW QUESTION 7
Which statements are correct regarding FortiAnalyzer reports? (Choose two)

• A. FortiAnalyzer provides the ability to create custom reports.
• B. FortiAnalyzer glows you to schedule reports to run.
• C. FortiAnalyzer includes pre-defined reports only.
• D. FortiAnalyzer allows reporting for FortiGate devices only.

Answer: AB

NEW QUESTION 8
View the exhibit.

What does the data point at 14:35 tell you?

• A. FortiAnalyzer is dropping logs.
• B. FortiAnalyzer is indexing logs faster than logs are being received.
• C. FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.
• D. The sqlplugind daemon is ahead in indexing by one log.

Answer: D

Explanation:
Logs are received then they are indexed, no logging server in the world can index logs faster than they are received. When FAZ receives raw logs, they are inserted (indexed) by the SQL database and the sqlplugind daemon, this graph shows that FAZ received 3 logs and sqlplugind indexed 4.

NEW QUESTION 9
What FortiView tool can you use to automatically build a dataset and chart based on a filtered search result?

• A. Chart Builder
• B. Export to Report Chart
• C. Dataset Library
• D. Custom View

Answer: A

NEW QUESTION 10
What statements are true regarding disk log quota? (Choose two)

• A. The FortiAnalyzer stops logging once the disk log quota is met.
• B. The FortiAnalyzer automatically sets the disk log quota based on the device.
• C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.
• D. The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Answer: CD

NEW QUESTION 11
What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server? (Choose two.)

• A. SFTP, FTP, or SCP server
• B. Mail server
• C. Output profile
• D. Report scheduling

Answer: AC

NEW QUESTION 12
What statements are true regarding FortiAnalyzer 's treatment of high availability (HA) dusters? (Choose two)

• A. FortiAnalyzer distinguishes different devices by their serial number.
• B. FortiAnalyzer receives logs from d devices in a duster.
• C. FortiAnalyzer receives bgs only from the primary device in the cluster.
• D. FortiAnalyzer only needs to know (he serial number of the primary device in the cluster-it automaticaly discovers the other devices.

Answer: AB

NEW QUESTION 13
View the exhibit.

Why is the total quota less than the total system storage?

• A. 3.6% of the system storage is already being used.
• B. Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files
• C. The oftpd process has not archived the logs yet
• D. The logfiled process is just estimating the total quota

Answer: B

NEW QUESTION 14
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another FortiAnalyzer device?

• A. Log upload
• B. Indicators of Compromise
• C. Log forwarding an aggregation mode
• D. Log fetching

Answer: D

NEW QUESTION 15
In FortiAnalyzer’s FormView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?

• A. Configure local DNS servers on FortiAnalyzer
• B. Resolve IPs on FortiGate
• C. Configure # set resolve-ip enable in the system FortiView settings
• D. Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Answer: B

NEW QUESTION 16
What can the CLI command # diagnose test application oftpd 3 help you to determine?

• A. What devices and IP addresses are connecting to FortiAnalyzer
• B. What logs, if any, are reaching FortiAnalyzer
• C. What ADOMs are enabled and configured
• D. What devices are registered and unregistered

Answer: A

NEW QUESTION 17
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

• A. Use DNS
• B. Use host name resolution
• C. Use real-time forwarding
• D. Use an NTP server

Answer: D

NEW QUESTION 18
Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

• A. ADOMs are enabled by default.
• B. ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.
• C. Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.
• D. All administrators can create ADOMs--not just the admin administrator.

Answer: BC

NEW QUESTION 19
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)

• A. SSL is the default setting.
• B. SSL communications are auto-negotiated between the two devices.
• C. SSL can send logs in real-time only.
• D. SSL encryption levels are globally set on FortiAnalyzer.
• E. FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.

Answer: AD

NEW QUESTION 20
What is the purpose of employing RAID with FortiAnalyzer?

• A. To introduce redundancy to your log data
• B. To provide data separation between ADOMs
• C. To separate analytical and archive data
• D. To back up your logs

Answer: A

NEW QUESTION 21
......