Which two statements regarding ADOM modes are true? (Choose two.)
- A . In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible.
- B . You can change ADOM modes only through the CLI.
- C . In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
- D . Normal mode is the default ADOM mode.
What is the purpose of the FortiAnalyzer command diagnose system print netstat?
- A . It provides network statistics for active connections, including the protocols, IP addresses, and connection states.
- B . It provides the complete routing table, including directly connected routes.
- C . It provides the static DNS table, including the host names and their expiration timers.
- D . It provides NTP server information, including server IPs, stratum, poll time, and latency.
A
Explanation:
The diagnose system print netstat command in FortiAnalyzer provides detailed information on active network connections, similar to the netstat command found in many operating systems.
Refer to the exhibit.
The exhibit shows the creation of a new administrator on FortiAnalyzer.
What are two effects of enabling the choice Match all users on remote server when configuring a new administrator? (Choose two.)
- A . It allows user accounts in the LDAP server to use two-factor authentication.
- B . It creates a wildcard administrator using an LDAP server.
- C . User Remote-Admin from the LDAP server will be able to log in to FortiAnalyzer at any time.
- D . Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP server.
B, D
Explanation:
Enabling this option allows any user authenticated by the LDAP server to log in to FortiAnalyzer, effectively creating a wildcard administrator.
The connection status of a new device on FortiAnalyzer is listed as Unauthorized.
What does that status mean?
- A . It is a device whose registration has not yet been accepted in FortiAnalyzer.
- B . It is a device that has not yet been assigned an ADOM.
- C . It is a device that is waiting for you to configure a pre-shared key.
- D . It is a device that FortiAnalyzer does not support.
A
Explanation:
The "Unauthorized" status indicates that the device has been discovered or attempted to connect but has not yet been authorized for management by FortiAnalyzer. It requires an administrator to approve or authorize the device before it can be fully managed.
Refer to the exhibit.
Which image corresponds to the packet capture shown in the exhibit?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
A
Explanation:
The chosen image shows the device Remote-FortiGate with the IP 10.200.3.1 and a connection status of "Connection Up," which is consistent with the packet capture details showing active communication between the client and server.
Refer to the exhibit.
What is the purpose of configuring FortiAnalyzer with the settings displayed in the image?
- A . To increase reliability
- B . To expand bandwidth
- C . To maximize resiliency
- D . To improve security
D
Explanation:
The settings displayed in the image show the creation of a VLAN interface on FortiAnalyzer. The VLAN ID is set to 100, and it is associated with port 5.
The purpose of configuring a VLAN interface like this is generally to improve security.
By creating a VLAN, traffic can be segmented into isolated networks, which helps limit access and enhances security by reducing the broadcast domain and keeping different types of traffic (e.g., management, user, and data traffic) separate.
What are offline logs on FortiAnalyzer?
- A . Compressed logs, also known as archive logs
- B . Logs that are indexed and stored in the SQL database
- C . Any logs collected from offline devices after they boot up
- D . Real-time logs that are not yet indexed
A
Explanation:
These logs are generated when devices that were previously offline come back online and send their log data to the FortiAnalyzer.
Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)
- A . Logs from registered devices
- B . Database snapshot
- C . Report information
- D . System information
C, D
Explanation:
A FortiAnalyzer system backup includes configurations, report settings, and system information, but it does not include logs from registered devices or database snapshots. Logs are stored separately and are not part of the system configuration backup.
Refer to the exhibit.
Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?
- A . FortiAnalyzer1 and FortiAnalyzer3
- B . All devices listed can be members.
- C . FortiAnalyzer1 and FortiAnalyzer2
- D . FortiAnalyzer2 and FortiAnalyzer3
B
Explanation:
Based on the partial configuration output, the primary factor for determining which devices can be members of a FortiAnalyzer Fabric is the log-mode setting. Devices with the same log mode can be part of the same FortiAnalyzer Fabric.
FortiAnalyzer1: Log mode is set to collector.
FortiAnalyzer2: Log mode is set to collector.
FortiAnalyzer3: Log mode is set to analyzer.
Devices with the same log mode can be part of the same fabric. Since FortiAnalyzer1 and FortiAnalyzer2 both have their log modes set to collector, they can be members of a FortiAnalyzer Fabric.
Therefore, the correct answer is FortiAnalyzer1 and FortiAnalyzer2.
You finished registering a FortiGate device. After traffic starts to flow through FortiGate, you notice that only some of the logs expected are being received on FortiAnalyzer.
What could be the reason for the logs not arriving on FortiAnalyzer?
- A . FortiGate was added to the wrong ADOM type.
- B . This FortiGate model is not fully supported.
- C . FortiGate does not have logging configured correctly.
- D . This FortiGate is part of an HA cluster but it is the secondary device.
C
Explanation:
This issue can occur if FortiGate is not properly configured to send logs to FortiAnalyzer, such as incorrect logging settings or filters being applied that prevent certain logs from being sent. It’s important to verify that logging is enabled on FortiGate and that the correct log settings (such as log severity or log type) are configured for transmission to FortiAnalyzer.
An administrator, fortinet, can view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mail server that can be used to send alert emails.
What can be the problem?
- A . ADOM mode is configured with Advanced mode.
- B . A trusted host is configured.
- C . fortinet is assigned the default Standard_User administrative profile.
- D . fortinet is assigned the default Restricted_User administrative profile.
C
Explanation:
The Standard_User profile allows viewing logs and performing some device management tasks but typically does not allow configuring global settings like creating a mail server for alert emails. To create a mail server, the administrator would need to have a profile with higher privileges, such as Super_User or a custom profile with the necessary permissions.
Which two parameters are used to calculate the Total Quota value available on FortiAnalyzer? (Choose two.)
- A . Used storage
- B . Retention policy
- C . Reserved space
- D . Total system storage
C, D
Explanation:
The Total Quota is derived from the total system storage minus any reserved space allocated for system use, such as databases, system files, or reserved space for log retention policies. Used storage and retention policies do not directly impact the calculation of the quota available, though they can influence overall space utilization.
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate on FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
- A . A local wildcard administrator account
- B . An administrator group
- C . One or more remote LDAP servers
- D . LDAP servers IP addresses added as trusted hosts
A, C
Explanation:
A wildcard administrator account allows any user from the specified LDAP group to authenticate, and the remote LDAP servers must be configured to validate those user credentials. The combination of these settings enables authentication via LDAP for non-local users.
An administrator has moved a FortiGate device from the root ADOM to ADOM1.
Which two statements are true regarding logs? (Choose two.)
- A . Analytics logs will be moved to ADOM1 from the root ADOM automatically.
- B . Archived logs will be moved to ADOM1 from the root ADOM automatically.
- C . Logs will be present in both ADOMs immediately after the move.
- D . Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the database.
B, D
Explanation:
When a device is moved from one ADOM to another, analytics logs can be moved automatically, but you may need to rebuild the database for the logs to be fully transferred and usable in the new ADOM. Archived logs, however, do not move automatically between ADOMs.
Which statement about the communication between FortiGate high availability (HA) clusters and FortiAnalyzer is true?
- A . If devices were registered to FortiAnalyzer before forming a cluster, you can manually add them together.
- B . FortiAnalyzer distinguishes each cluster member by the IP addresses in log message headers.
- C . If the HA primary device becomes unavailable, you must remove it from the HA cluster list on FortiAnalyzer.
- D . The FortiGate HA cluster must be in active-passive mode in order to avoid conflict.
A
Explanation:
This allows FortiAnalyzer to correctly identify and process logs from different members of the HA cluster.
What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?
- A . There is no need to do anything because the disk will self-recover.
- B . Run execute format disk to format and restart the FortiAnalyzer device.
- C . Perform a hot swap of the disk.
- D . Shut down FortiAnalyzer and replace the disk.
C
Explanation:
In a RAID configuration, especially when hot-swapping is supported, you can replace a failed disk without shutting down the device. The RAID array will automatically rebuild once the new disk is inserted, minimizing downtime and maintaining data integrity.
An administrator has configured the following settings:
What is the purpose of executing these commands?
- A . To record the hash value and authentication code of log files.
- B . To encrypt log transfer between FortiAnalyzer and other devices.
- C . To create the secure channel used by the OFTP process.
- D . To verify the integrity of the log files received.
D
Explanation:
The command set log-checksum md5-auth configures FortiAnalyzer to generate an MD5 hash for each log file, along with an authentication code. This ensures that the integrity of the logs can be verified, confirming that the logs have not been tampered with.
Which statement correctly describes RAID 10 (1+0) on FortiAnalyzer?
- A . A configuration with four disks, each with 2 TB of capacity, provides a total space of 4 TB.
- B . It combines mirroring, striping, and distributed parity to provide performance and fault tolerance.
- B . A configuration with four disks, each with 2 TB of capacity, provides a total space of 2 TB.
- C . It uses striping to provide performance and fault tolerance.
A
Explanation:
RAID 10 combines mirroring (RAID 1) and striping (RAID 0). In a RAID 10 setup with four disks, data is mirrored across two pairs of disks, and those pairs are striped for performance. This results in improved performance and fault tolerance, but the total usable storage is 50% of the total raw storage, meaning four 2 TB disks provide 4 TB of usable space.
Refer to the exhibit, which shows the HA configuration settings of a FortiAnalyzer device.
The administrator wants to join this FortiAnalyzer to an existing HA cluster.
What can you conclude from the configuration displayed?
- A . After joining the cluster, this FortiAnalyzer will forward received logs to its peers.
- B . This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
- C . This FortiAnalyzer is configured to route HA traffic through a gateway.
- D . This FortiAnalyzer will join the existing HA cluster as the secondary.
B
Explanation:
The "Preferred Role" is set to Secondary, which means this FortiAnalyzer is configured to join the cluster as the secondary unit in an Active-Passive HA configuration. Other settings, such as the peer IP and serial number, confirm its setup to communicate with the primary unit.
Which two parameters impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
- A . Total quota
- B . License type
- C . RAID level
- D . Disk size
C, D
Explanation:
RAID level affects how much disk space is reserved for redundancy and fault tolerance. For example, RAID 1 mirrors data, meaning you need more space for redundancy, while RAID 5 or RAID 6 reserves space for parity.
Disk size directly influences the total available and reserved space since the larger the disk, the more space may need to be reserved for system functions, logs, and other operations.
The total quota and license type do not directly impact the reserved disk space, though they do influence other aspects of capacity and functionality.
Refer to the exhibit.
The exhibit shows the creation of a new administrator on FortiAnalyzer. The new account uses the credentials stored on an LDAP server.
Why would an administrator configure a password for this account?
- A . This password is used if the authentication server becomes unreachable.
- B . This password authenticates FortiAnalyzer against the LDAP server.
- C . This password is set to comply with the FortiAnalyzer password policy.
- D . This password is required because this is a restricted user.
A
Explanation:
When using LDAP for authentication, a password can be set locally on FortiAnalyzer as a fallback option in case the LDAP server becomes unreachable. This ensures that the administrator can still log in if there are issues with the LDAP server.
In a Fortinet Security Fabric, what can make an upstream FortiGate create traffic logs associated with sessions initiated on downstream FortiGate devices?
- A . The traffic destination is another FortiGate in the fabric.
- B . The upstream FortiGate is configured to do NAT.
- C . Log redundancy is configured in the fabric.
- D . The downstream device cannot connect to FortiAnalyzer.
B
Explanation:
When the upstream FortiGate is performing Network Address Translation (NAT), it creates new session entries for traffic passing through it. As a result, it generates its own traffic logs for those sessions, even if the sessions were initiated on a downstream FortiGate. This is because the upstream FortiGate is altering the source IP address, making it responsible for tracking the session details.
Which two statements about high availability (HA) on FortiAnalyzer are true? (Choose two.)
- A . FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
- B . FortiAnalyzer HA active-passive mode can function without VRRP.
- C . All devices in a FortiAnalyzer HA cluster must run in the same operation mode, either analyzer mode or collector mode.
- D . All devices in a FortiAnalyzer HA cluster must have the same available disk space.
C
Explanation:
The two correct statements about high availability (HA) on FortiAnalyzer are:
FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
FortiAnalyzer HA synchronizes both logs and certain system configuration settings between the units in the cluster to ensure consistent operation.
All devices in a FortiAnalyzer HA cluster must run in the same operation mode, either analyzer mode or collector mode.
In an HA cluster, all devices must be configured to operate in the same mode, either analyzer mode or collector mode, to ensure consistency and proper functionality across the cluster.
The other options, such as VRRP, are not required for HA in FortiAnalyzer, and disk space can vary between nodes but may impact log storage capacity.
Which two statements about deleting ADOMs are true? (Choose two.)
- A . Logs must be purged or migrated before you can delete an ADOM.
- B . ADOMs with registered devices cannot be deleted.
- C . Default ADOMs cannot be deleted.
- D . The status of the ADOMs must be unlocked.
B, C
Explanation:
ADOMs with registered devices cannot be deleted.
An ADOM cannot be deleted if it has registered devices. You must first remove or deregister the devices before deleting the ADOM.
The status of the ADOMs must be unlocked.
An ADOM must be in an unlocked state before it can be deleted. If the ADOM is locked, it will not allow deletion.
Refer to the exhibit.
The capture displayed was taken on a FortiAnalyzer.
Why is a single IP address shown as the source for all logs received?
- A . FortiAnalyzer is using the device MAC addresses to differentiate their logs.
- B . The logs belong to devices that are part of a high availability (HA) cluster.
- C . FortiAnalyzer is receiving logs from the root FortiGate of a Security Fabric.
- D . The device sending logs has two VDOMs in the same ADOM.
B
Explanation:
In a Fortinet Security Fabric, logs from downstream devices can be sent to FortiAnalyzer through the root FortiGate. This is why all the logs have the same source IP address (the root FortiGate). The root FortiGate aggregates and forwards the logs from all downstream devices, so the source IP in the log capture will appear to be from the root FortiGate itself, even though the logs originate from multiple devices within the fabric.
What does the disk status Degraded mean for RAID management?
- A . The hard drive is no longer being used by the RAID controller.
- B . One or more drives are missing from the FortiAnalyzer unit.
- C . The device is writing data to the disk to restore the volume to an optimal state.
- D . FortiAnalyzer determined that the parity data in the disk is not valid.
A
Explanation:
When the RAID status is Degraded, it typically indicates that one or more drives in the RAID array have failed or are missing, causing the RAID array to operate with reduced redundancy. In this state, the array is still functioning, but it’s at risk because the fault tolerance provided by RAID is compromised.
Which process is responsible for enforcing the log file size?
- A . oftpd
- B . miglogd
- C . sqlplugind
- D . logfiled
D
Explanation:
The logfiled process is responsible for enforcing log file size and managing log rotation on FortiAnalyzer. It ensures that log files do not exceed the configured size limits and handles the creation and rotation of new log files when necessary.
Which two statements about FortiAnalyzer operating modes are true? (Choose two.)
- A . When in collector mode, FortiAnalyzer offloads the log receiving task to the analyzer.
- B . When in analyzer mode, FortiAnalyzer supports event management and reporting features.
- C . For the collector, you should allocate most of the disk space to analytics logs.
- D . Analyzer mode is the default operating mode.
B, D
Explanation:
When in analyzer mode, FortiAnalyzer supports event management and reporting features.
In analyzer mode, FortiAnalyzer provides full support for log analysis, event management, and reporting capabilities.
Analyzer mode is the default operating mode.
By default, FortiAnalyzer operates in analyzer mode, which allows for log analysis and reporting.
The other options are incorrect because:
In collector mode, the FortiAnalyzer primarily stores logs and forwards them to another FortiAnalyzer in analyzer mode, not the other way around.
In collector mode, most disk space is usually allocated to storage rather than analytics, as the logs are primarily stored for forwarding.
Which two statements regarding FortiAnalyzer log forwarding modes are true? (Choose two.)
- A . Both modes, forwarding and aggregation, support encryption of logs between devices.
- B . In aggregation mode, you can forward logs to syslog and CEF servers.
- C . Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
- D . Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
A, D
Explanation:
Both modes, forwarding and aggregation, support encryption of logs between devices.
Both forwarding and aggregation modes can use encryption to securely transfer logs between FortiAnalyzer devices.
Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
In aggregation mode, logs are stored and then transferred to another FortiAnalyzer at a scheduled time, rather than in real time. This mode is typically used when consolidating logs from multiple devices into a central FortiAnalyzer.
The other options are incorrect because:
Forwarding mode sends logs in real-time but not exclusively to other FortiAnalyzer devices; it can also send logs to external systems like syslog servers.
Aggregation mode is primarily for consolidating logs to another FortiAnalyzer and doesn’t focus on forwarding logs to syslog or CEF servers.
You are trying to initiate an authorization request from FortiGate to FortiAnalyzer, but the Security Fabric window does not open when you click Authorize.
Which two reasons can cause this to happen? (Choose two.)
- A . A pre-shared key needs to be established on both sides.
- B . The management computer does not have connectivity to the authorization IP address and port combination.
- C . The Security Fabric root is unauthorized and needs to be added as a trusted host.
- D . The fabric authorization settings on FortiAnalyzer are misconfigured.
B, D
Explanation:
The management computer does not have connectivity to the authorization IP address and port combination.
If there is no network connectivity between the management computer and the FortiAnalyzer on the specific IP address and port used for authorization, the Security Fabric window will not open.
The fabric authorization settings on FortiAnalyzer are misconfigured.
If the fabric authorization settings on FortiAnalyzer are not properly configured, FortiGate will not be able to initiate the authorization request, preventing the Security Fabric window from opening.
The other options are not applicable because:
Pre-shared keys are not required for initial authorization between FortiGate and FortiAnalyzer; they are typically used for establishing VPN tunnels.
The Security Fabric root does not need to be added as a trusted host to open the authorization window. Trusted hosts are more relevant to FortiGate’s access control for management interfaces.
Which two methods can you use to restrict administrative access on FortiAnalyzer? (Choose two.)
- A . Configure trusted hosts.
- B . Limit access to specific virtual domains.
- C . Fabric connectors to external LDAP servers.
- D . Use administrator profiles.
A, D
Explanation:
Configure trusted hosts.
Trusted hosts restrict administrative access to FortiAnalyzer by limiting the IP addresses or subnets from which administrators can log in.
Use administrator profiles.
Administrator profiles define roles and permissions, restricting what specific administrators can access and manage on FortiAnalyzer.
The other options are not applicable because:
Limiting access to specific virtual domains is not applicable to FortiAnalyzer, as virtual domains (VDOMs) are a concept used in FortiGate, not FortiAnalyzer.
Fabric connectors to external LDAP servers are used for authentication purposes but do not directly restrict administrative access based on roles or IP addresses.
Which statement about upgrading the firmware on an HA cluster made up of three FortiAnalyzer devices is true?
- A . You can perform the firmware upgrade using only a console connection.
- B . All FortiAnalyzer devices will be upgraded at the same time.
- C . Enabling uninterruptible-upgrade prevents normal operations from being interrupted during the upgrade.
- D . First, upgrade the secondary devices, and then upgrade the primary device.
D
Explanation:
When upgrading firmware on an HA cluster of FortiAnalyzer devices, it is recommended to upgrade the secondary devices first and then the primary device, to minimize downtime and maintain continuity in log collection and other HA functions. The primary device continues to handle operations while the secondary devices are being upgraded; once they are updated, the primary device can be upgraded with minimal service disruption.
What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?
- A . There is no need to do anything because the disk will self-recover.
- B . Run execute format disk to format and restart the FortiAnalyzer device.
- C . Perform a hot swap of the disk.
- D . Shut down FortiAnalyzer and replace the disk.
C
Explanation:
In a hardware RAID setup, FortiAnalyzer supports hot swapping, which allows you to replace a failed disk without shutting down the device. The RAID controller will automatically rebuild the array using the new disk, minimizing downtime and maintaining data integrity.
Which three RAID configurations provide fault tolerance on FortiAnalyzer? (Choose three.)
- A . RAID 0
- B . RAID 5
- C . RAID 1
- D . RAID 6+0
- E . RAID 0+0
B, C, D
Explanation:
RAID 1 provides fault tolerance through disk mirroring.
RAID 5 provides fault tolerance by using distributed parity across multiple disks.
RAID 6+0 combines striping with double parity, offering enhanced fault tolerance.
RAID 0 and RAID 0+0 do not provide any fault tolerance, as they focus on performance through data striping but offer no redundancy.
Refer to the exhibit.
Based on the output, what can you conclude about the FortiAnalyzer logging status?
- A . The connection between FortiGate and FortiAnalyzer is overloaded.
- B . FortiGate has logs to send, but FortiAnalyzer is unavailable.
- C . FortiGate is configured to send logs in batches.
- D . FortiGate is sending logs again after it performed a reboot.
A
Explanation:
The output shows that FortiGate has sent a large number of logs (sent=180189698), but some logs have failed to be sent (failed=4507). This suggests that FortiAnalyzer was temporarily unavailable or had an issue receiving logs, leading to the failure count. There are no logs cached or dropped, indicating FortiGate is still attempting to send logs but with some failures.
Which two methods are the most common methods to control and restrict administrative access on FortiAnalyzer? (Choose two.)
- A . Virtual domains
- B . Administrative access profiles
- C . Trusted hosts
- D . Security Fabric
B, C
Explanation:
Reference:
https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/219292/administrator-profiles
https://docs2.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/581222/trusted-hosts
Which daemon is responsible for enforcing raw log file size?
- A . logfiled
- B . oftpd
- C . sqlplugind
- D . miglogd
An administrator has configured the following settings:
config system global
set log-checksum md5-auth
end
What is the significance of executing this command?
- A . This command records the log file MD5 hash value.
- B . This command records passwords in log files and encrypts them.
- C . This command encrypts log transfer between FortiAnalyzer and other devices.
- D . This command records the log file MD5 hash value and authentication code.
D
Explanation:
Reference: https://docs.fortinet.com/document/fortianalyzer/6.4.6/administration-guide/410387/appendix-b-log-integrity-and-secure-log-transfer
Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)
- A . Mail server
- B . Output profile
- C . SFTP server
- D . Report scheduling
A, B
Explanation:
Reference: https://docs.fortinet.com/document/fortianalyzer/6.0.2/administration-guide/598322/creating-output-profiles
For which two purposes would you use the command set log checksum? (Choose two.)
- A . To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
- B . To prevent log modification or tampering
- C . To encrypt log communications
- D . To send an identical set of logs to a second logging server
A, B
Explanation:
To prevent logs from being tampered with while in storage, you can add a log checksum using the config system global command. You can configure FortiAnalyzer to record a log file hash value, timestamp, and authentication code when the log is rolled and archived and when the log is uploaded (if that feature is enabled). This can also help against man-in-the-middle only for the transmission from FortiAnalyzer to an SSH File Transfer Protocol (SFTP) server during log upload.
FortiAnalyzer_7.0_Study_Guide-Online page 149
Refer to the exhibit.
What does the data point at 14:55 tell you?
- A . The received rate is almost at its maximum for this device
- B . The sqlplugind daemon is behind in log indexing by two logs
- C . Logs are being dropped
- D . Raw logs are reaching FortiAnalyzer faster than they can be indexed
You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed.
What is the recommended method to replace the disk?
- A . Shut down FortiAnalyzer and then replace the disk
- B . Downgrade your RAID level, replace the disk, and then upgrade your RAID level
- C . Clear all RAID alarms and replace the disk while FortiAnalyzer is still running
- D . Perform a hot swap
A
Explanation:
https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on-FortiAnalyzer/ta-p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20known%20as%20hot%20swapping
On the RAID management page, the disk status is listed as Initializing.
What does the status Initializing indicate about what the FortiAnalyzer is currently doing?
- A . FortiAnalyzer is ensuring that the parity data of a redundant drive is valid
- B . FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state
- C . FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant
- D . FortiAnalyzer is functioning normally
C
Explanation:
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/4cb0dce6-dbef-11e9-8977-00505692583a/FortiAnalyzer-5.6.10-Administration-Guide.pdf (40)
In the FortiAnalyzer FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.
How can you resolve the source and destination IP addresses, without introducing any additional performance impact to FortiAnalyzer?
- A . Resolve IP addresses on a per-ADOM basis to reduce delay on FortiView while IPs resolve
- B . Configure # set resolve-ip enable in the system FortiView settings
- C . Configure local DNS servers on FortiAnalyzer
- D . Resolve IP addresses on FortiGate
D
Explanation:
https://packetplant.com/fortigate-and-fortianalyzer-resolve-source-and-destination-ip/
“As a best practice, it is recommended to resolve IPs on the FortiGate end. This is because you get both source and destination, and it offloads the work from FortiAnalyzer. On FortiAnalyzer, this IP resolution does destination IPs only”
You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used.
What does the disk quota refer to?
- A . The maximum disk utilization for each device in the ADOM
- B . The maximum disk utilization for the FortiAnalyzer model
- C . The maximum disk utilization for the ADOM type
- D . The maximum disk utilization for all devices in the ADOM
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
- A . To properly correlate logs
- B . To use real-time forwarding
- C . To resolve host names
- D . To improve DNS response times
A
Explanation:
You need to upgrade your FortiAnalyzer firmware.
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
- A . FortiAnalyzer uses log fetching to retrieve the logs when back online
- B . FortiGate uses the miglogd process to cache the logs
- C . The logfiled process stores logs in offline mode
- D . Logs are dropped
B
Explanation:
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command?
execute sql-local rebuild-adom <new-ADOM-name>
- A . To reset the disk quota enforcement to default
- B . To remove the analytics logs of the device from the old database
- C . To migrate the archive logs to the new ADOM
- D . To populate the new ADOM with analytical logs for the moved device, so you can run reports
D
Explanation:
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 128: Are the device analytics logs required for reports in the new ADOM? If so, rebuild the new ADOM database
If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the FortiAnalyzer back to functioning normally, without losing data?
- A . Hot swap the disk
- B . Replace the disk and rebuild the RAID manually
- C . Take no action if the RAID level supports a failed disk
- D . Shut down FortiAnalyzer and replace the disk
D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD46446#:~:text=On%20FortiAnalyzer%2FFortiManager%20devices%20that,to%20exchanging%20the%20hard%20disk.
If a hard disk on a FortiAnalyzer unit fails, it must be replaced. On FortiAnalyzer devices that support hardware RAID, the hard disk can be replaced while the unit is still running, a process known as hot swapping. On FortiAnalyzer units with software RAID, the device must be shut down prior to exchanging the hard disk.
Reference: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on-FortiAnalyzer/ta-p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20known%20as%20hot%20swapping
If you upgrade the FortiAnalyzer firmware, which report element can be affected?
- A . Custom datasets
- B . Report scheduling
- C . Report settings
- D . Output profiles
A
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/upgrade-guide/669300/checking-reports
FortiAnalyzer reports are dropping analytical data from 15 days ago, even though the data policy setting for analytics logs is 60 days.
What is the most likely problem?
- A . Quota enforcement is acting on analytical data before a report is complete
- B . Logs are rolling before the report is run
- C . CPU resources are too high
- D . Disk utilization for archive logs is set for 15 days
B
Explanation:
Reference: https://forum.fortinet.com/tm.aspx?m=138806
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
- A . Antivirus logs
- B . Web filter logs
- C . IPS logs
- D . Application control logs
B
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm?TocPath=FortiView%7CUsing%20FortiView%7C_____6
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
- A . A local wildcard administrator account
- B . A remote LDAP server
- C . A trusted host profile that restricts access to the LDAP group
- D . An administrator group
A, B
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38567
When you perform a system backup, what does the backup configuration contain? (Choose two.)
- A . Generated reports
- B . Device list
- C . Authorized devices logs
- D . System information
B, D
Explanation:
https://help.fortinet.com/fa/cli-olh/5-6-5/Content/Document/1400_execute/backup.htm
Reference: https://help.fortinet.com/fauth/5-2/Content/Admin%20Guides/5_2%20Admin%20Guide/300/301_Dashboard.htm
Which clause is considered mandatory in SELECT statements used by the FortiAnalyzer to generate reports?
- A . FROM
- B . LIMIT
- C . WHERE
- D . ORDER BY
A
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48500
What is the purpose of a dataset query in FortiAnalyzer?
- A . It sorts log data into tables
- B . It extracts the database schema
- C . It retrieves log data from the database
- D . It injects log data into the database
C
Explanation:
Reference: https://docs2.fortinet.com/document/fortianalyzer/6.0.4/administration-guide/148744/creating-datasets
Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy.
What is the most likely problem?
- A . CPU resources are too high
- B . Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
- C . The total disk space is insufficient and you need to add another disk
- D . The ADOM disk quota is set too low, based on log rates
D
Explanation:
Reference: https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-FAZ/1100_Storage/0017_Deleted%20device%20logs.htm
Which two constraints can impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
- A . License type
- B . Disk size
- C . Total quota
- D . RAID level
B, D
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/368682/disk-space-allocation
View the exhibit:
What does the 1000MB maximum for disk utilization refer to?
- A . The disk quota for the FortiAnalyzer model
- B . The disk quota for all devices in the ADOM
- C . The disk quota for each device in the ADOM
- D . The disk quota for the ADOM type
B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/743670/configuring-log-storage-policy
You’ve moved a registered logging device out of one ADOM and into a new ADOM.
What happens when you rebuild the new ADOM database?
- A . FortiAnalyzer resets the disk quota of the new ADOM to default.
- B . FortiAnalyzer migrates archive logs to the new ADOM.
- C . FortiAnalyzer migrates analytics logs to the new ADOM.
- D . FortiAnalyzer removes logs from the old ADOM.
C
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40383