NEW QUESTION 1
View the exhibit.

What does the data point at 14:35 tell you?

• A. FortiAnalyzer is dropping logs.
• B. FortiAnalyzer is indexing logs faster than logs are being received.
• C. FortiAnalyzer has temporarily stopped receiving logs so older logs’ can be indexed.
• D. The sqlplugind daemon is ahead in indexing by one log.

Answer: B

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/47690/insert-rate-vs-receive-rate-wi

NEW QUESTION 2
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command?
execute sql-local rebuild-adom <new-ADOM-name>

• A. To reset the disk quota enforcement to default
• B. To remove the analytics logs of the device from the old database
• C. To migrate the archive logs to the new ADOM
• D. To populate the new ADOM with analytical logs for the moved device, so you can run reports

Answer: D

Explanation:

NEW QUESTION 3
What is the purpose of a dataset query in FortiAnalyzer?

• A. It sorts log data into tables
• B. It extracts the database schema
• C. It retrieves log data from the database
• D. It injects log data into the database

Answer: C

NEW QUESTION 4
An administrator has configured the following settings: config system fortiview settings set resolve-ip enable end
What is the significance of executing this command?

• A. Use this command only if the source IP addresses are not resolved on FortiGate.
• B. It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.
• C. You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.
• D. It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Answer: D

NEW QUESTION 5
Which statements are true of Administrative Domains (ADOMs) in FortiAnalyzer? (Choose two.)

• A. ADOMs are enabled by default.
• B. ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.
• C. Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.
• D. All administrators can create ADOMs--not just the admin administrator.

Answer: BC

NEW QUESTION 6
In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.
How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?

• A. Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
• B. Configure # set resolve-ip enable in the system FortiView settings
• C. Configure local DNS servers on FortiAnalyzer
• D. Resolve IP addresses on FortiGate

Answer: D

Explanation:
https://packetplant.com/fortigate-and-fortianalyzer-resolve-source-and-destination-ip/
“As a best practice, it is recommended to resolve IPs on the FortiGate end. This is because you get both
source and destination, and it offloads the work from FortiAnalyzer. On FortiAnalyzer, this IP resolution does destination IPs only”

NEW QUESTION 7
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

• A. In aggregation mode, you can forward logs to syslog and CEF servers as well.
• B. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
• C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
• D. Both modes, forwarding and aggregation, support encryption of logs between devices.

Answer: CD

NEW QUESTION 8
Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)

• A. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
• B. Collector mode is the default operating mode.
• C. When in collector mod
• D. FortiAnalyzer supports event management and reporting features.
• E. By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting

Answer: AD

NEW QUESTION 9
Which two methods can you use to send event notifications when an event occurs that matches a configured event handler? (Choose two.)

• A. SMS
• B. Email
• C. SNMP
• D. IM

Answer: BC

NEW QUESTION 10
Which daemon is responsible for enforcing raw log file size?

• A. logfiled
• B. oftpd
• C. sqlplugind
• D. miglogd

Answer: A

NEW QUESTION 11
What can the CLI command # diagnose test application oftpd 3 help you to determine?

• A. What devices and IP addresses are connecting to FortiAnalyzer
• B. What logs, if any, are reaching FortiAnalyzer
• C. What ADOMs are enabled and configured
• D. What devices are registered and unregistered

Answer: A

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/cli-reference/395556/test#test_application

NEW QUESTION 12
What is the purpose of employing RAID with FortiAnalyzer?

• A. To introduce redundancy to your log data
• B. To provide data separation between ADOMs
• C. To separate analytical and archive data
• D. To back up your logs

Answer: A

Explanation:
https://en.wikipedia.org/wiki/RAID#:~:text=RAID%20(%22Redundant%20Array%20of%20Inexpensive,%2C%

NEW QUESTION 13
Which two statements about log forwarding are true? (Choose two.)

• A. Forwarded logs cannot be filtered to match specific criteria.
• B. Logs are forwarded in real-time only.
• C. The client retains a local copy of the logs after forwarding.
• D. You can use aggregation mode only with another FortiAnalyzer.

Answer: CD

Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/420493/modes https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/621804/log-forwarding

NEW QUESTION 14
What is the purpose of a predefined template on the FortiAnalyzer?

• A. It can be edited and modified as required
• B. It specifies the report layout which contains predefined texts, charts, and macros
• C. It specifies report settings which contains time period, device selection, and schedule
• D. It contains predefined data to generate mock reports

Answer: B

NEW QUESTION 15
You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed.
What is the recommended method to replace the disk?

• A. Shut down FortiAnalyzer and then replace the disk
• B. Downgrade your RAID level, replace the disk, and then upgrade your RAID level
• C. Clear all RAID alarms and replace the disk while FortiAnalyzer is still running
• D. Perform a hot swap

Answer: A

Explanation:

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on-FortiAnalyzer/ta-

NEW QUESTION 16
When you perform a system backup, what does the backup configuration contain? (Choose two.)

• A. Generated reports
• B. Device list
• C. Authorized devices logs
• D. System information

Answer: BD

Explanation:
https://help.fortinet.com/fa/cli-olh/5-6-5/Content/Document/1400_execute/backup.htm

NEW QUESTION 17
What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?

• A. Log correlation
• B. Host name resolution
• C. Log collection
• D. Real-time forwarding

Answer: C

NEW QUESTION 18
......