What statements are true regarding disk log quota? (Choose two)
What statements are true regarding disk log quota? (Choose two)A . The FortiAnalyzer stops logging once the disk log quota is met. B. The FortiAnalyzer automatically sets the disk log quota based on the device. C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log...
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?A . Antivirus logs B. Web filter logs C. IPS logs D. Application control logsView AnswerAnswer: B Explanation: Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm?TocPath=FortiView%7CUsing%20FortiView%7C_____6
What is the purpose of employing RAID with FortiAnalyzer?
What is the purpose of employing RAID with FortiAnalyzer?A . To introduce redundancy to your log data B. To provide data separation between ADOMs C. To separate analytical and archive data D. To back up your logsView AnswerAnswer: A Explanation: https://en.wikipedia.org/wiki/RAID#:~:text=RAID%20(%22Redundant%20Array%20of%20Inexpensive,%2C%20performance%20improvement%2C%20or%20both.
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?A . To properly correlate logs B. To use real-time forwarding C. To resolve host names D. To improve DNS response timesView AnswerAnswer: A
How many events will be added to the incident created after running this playbook?
Refer to the exhibits. How many events will be added to the incident created after running this playbook?A . Ten events will be added. B. No events will be added. C. Five events will be added. D. Thirteen events will be added.View AnswerAnswer: C
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)A . A local wildcard administrator account B. A remote LDAP server C. A trusted host profile that restricts access to the LDAP group...
Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)
Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)A . When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format. B. Collector mode is the default operating mode. C. When in collector mode. FortiAnalyzer supports event management and reporting...
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?
If you upgrade your FortiAnalyzer firmware, what report elements can be affected?A . Output profiles B. Report settings C. Report scheduling D. Custom datasetsView AnswerAnswer: D
What happens when you rebuild the new ADOM database?
You’ve moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild the new ADOM database?A . FortiAnalyzer resets the disk quota of the new ADOM to default. B. FortiAnalyzer migrates archive logs to the new ADOM. C. FortiAnalyzer migrates analytics logs...
In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)
In order for FortiAnalyzer to collect logs from a FortiGate device, what configuration is required? (Choose two.)A . Remote logging must be enabled on FortiGate B. Log encryption must be enabled C. ADOMs must be enabled D. FortiGate must be registered with FortiAnalyzerView AnswerAnswer: A,D Explanation: Pg 70: “after you...