Logs are being deleted from one of the ADOMs earlier than the configured setting for archiving in the data policy. What is the most likely problem?
A. CPU resources are too high
B. Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device
C. The total disk space...

What statements are true regarding disk log quota? (Choose two.)
A. The FortiAnalyzer stops logging once the disk log quota is met.
B. The FortiAnalyzer automatically sets the disk log quota based on the device.
C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log...

Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)
A. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
B. Collector mode is the default operating mode.
C. When in collector mode, FortiAnalyzer supports event management and reporting...

What can the CLI command # diagnose test application oftpd 3 help you to determine?
A. What devices and IP addresses are connecting to FortiAnalyzer
B. What logs, if any, are reaching FortiAnalyzer
C. What ADOMs are enabled and configured
D. What devices are registered and unregistered
Answer: A
Explanation: ...

In FortiAnalyzer's FortiView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs without introducing any additional performance impact to FortiAnalyzer?
A. Configure local DNS servers on FortiAnalyzer
B. Resolve IPs on FortiGate
C. Configure # set...

Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
A. Antivirus logs
B. Web filter logs
C. IPS logs
D. Application control logs
Answer: B
Explanation: Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm?TocPath=FortiView%7CUsing%20FortiView%7C_____6

What is the purpose of employing RAID with FortiAnalyzer?
A. To introduce redundancy to your log data
B. To provide data separation between ADOMs
C. To separate analytical and archive data
D. To back up your logs
Answer: A
Explanation: https://en.wikipedia.org/wiki/RAID#:~:text=RAID%20(%22Redundant%20Array%20of%20Inexpensive,%2C%20performance%20improvement%2C%20or%20both.

Refer to the exhibit. Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
A. Report size will be optimized to conserve disk space on FortiAnalyzer.
B. Reports will be cached in the memory.
C. This feature is automatically enabled for scheduled reports.
D. Enabling auto-cache reduces report...

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
A. To properly correlate logs
B. To use real-time forwarding
C. To resolve host names
D. To improve DNS response times
Answer: A

Refer to the exhibits. How many events will be added to the incident created after running this playbook?
A. Ten events will be added.
B. No events will be added.
C. Five events will be added.
D. Thirteen events will be added.
Answer: C