Month End Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

FCP_FAZ_AN-7.4 Questions and Answers

Question # 6

Why must you wait for several minutes before you run a playbook that you just created?

A.

FortiAnalyzer needs that time to parse the new playbook.

B.

FortiAnalyzer needs that time to debug the new playbook.

C.

FortiAnalyzer needs that time to back up the current playbooks.

D.

FortiAnalyzer needs that time to ensure there are no other playbooks running.

Full Access
Question # 7

Which statement about the FortiSOAR management extension is correct?

A.

It requires a FortiManager configured to manage FortiGate.

B.

It runs as a docker container on FortiAnalyzer.

C.

It requires a dedicated FortiSOAR device or VM.

D.

It does not include a limited trial by default.

Full Access
Question # 8

Exhibit.

A fortiAnalyzer analyst is customizing a SQL query to use in a report.

Which SQL query should the analyst run to get the expected results?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 9

You created a playbook on FortiAnalyzer that uses a FortiOS connector.

When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stich are available in the FortiOS connector?

A.

FortiAnalyzer Event Handler

B.

Fabric Connector event

C.

FortiOS Event Log

D.

Incoming webhook

Full Access
Question # 10

Refer to Exhibit:

What does the data point at 21:20 indicate?

A.

FortiAnalyzer is indexing logs faster than logs are being received.

B.

The fortilogd daemon is ahead in indexing by one log.

C.

The SQL database requires a rebuild because of high receive lag.

D.

FortiAnalyzer is temporarily buffering received logs so older logs can be indexed first.

Full Access
Question # 11

Which statement about sending notifications with incident update is true?

A.

You can send notifications to multiple external platforms.

B.

Notifications can be sent only by email.

C.

If you use multiple fabric connectors, all connectors must have the same settings.

D.

Notifications can be sent only when an incident is updated or deleted.

Full Access
Question # 12

Exhibit.

What does the data point at 12:20 indicate?

A.

The log insert log time is increasing.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The performance of FortiAnalyzer is below the baseline.

D.

The sqiplugind service is caught up with the logs

Full Access
Question # 13

Which log will generate an event with the status Contained?

A.

An AV log with action=quarantine.

B.

An IPS log with action=pass.

C.

A WebFilter log will action=dropped.

D.

An AppControl log with action=blocked.

Full Access
Question # 14

Exhibit.

Based on the partial outputs displayed, which devices can be members of a FotiAnalyzer Fabric?

A.

FortiAnalayzer1 and FortiAnalyzer3

B.

FortiAnalyzer1 and FortiAnalyzer2

C.

FortiAnalyzer2 and FortiAnalyzer3

D.

All devices listed can be members.

Full Access
Question # 15

Exhibit.

Laptop1 is used by several administrators to manage FotiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than admin’’, and coming from Laptop1.

Which filter will achieve the desired result?

A.

Operation-login and performed_on==’’GUI(10.1.1.100)’ and user!=admin

B.

Operation-login and performed_on==’’GU (10.1.1.120)’ and user!=admin

C.

Operation-login and srcip== 10.1.1.100 and dstip==10.1.1.1.210 and user==admin

D.

Operation-login and dstip==10.1.1.210 and user!-admin

Full Access
Question # 16

Which log will generate an event with the status Unhandled?

A.

An AV log with action=quarantine.

B.

An IPS log with action=pass.

C.

A WebFilter log will action=dropped.

D.

An AppControl log with action=blocked.

Full Access