
FAZ7.4

Test title:
FAZ7.4

Description:
Analyzer test

Creation date: 2025/01/05

Category: Other

Number of questions: 48

Contents:

Which two statements regarding ADOM modes are true? (Choose two.)
- In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible.
- You can change ADOM modes only through the CLI.
- In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
- Normal mode is the default ADOM mode.

What is the purpose of the FortiAnalyzer command diagnose system print netstat?
- It provides network statistics for active connections, including the protocols, IP addresses, and connection states.
- It provides the complete routing table, including directly connected routes.
- It provides the static DNS table, including the host names and their expiration timers.
- It provides NTP server information, including server IPs, stratum, poll time, and latency.

Refer to the exhibit. The exhibit shows the creation of a new administrator on FortiAnalyzer. What are two effects of enabling the choice Match all users on remote server when configuring a new administrator? (Choose two.)
- It allows user accounts in the LDAP server to use two-factor authentication.
- It creates a wildcard administrator using an LDAP server.
- User Remote-Admin from the LDAP server will be able to log in to FortiAnalyzer at any time.
- Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP server.

The connection status of a new device on FortiAnalyzer is listed as Unauthorized. What does that status mean?
- It is a device whose registration has not yet been accepted in FortiAnalyzer.
- It is a device that has not yet been assigned an ADOM.
- It is a device that is waiting for you to configure a pre-shared key.
- It is a device that FortiAnalyzer does not support.

Refer to the exhibit. Which image corresponds to the packet capture shown in the exhibit?
- Remote-FortiGate 10.200.30.1 (Up arrow) Connection Up (Lock) Real Time.
- Remote-FortiGate 10.200.30.1 (Up arrow) Connection Up Real Time.
- Remote-FortiGate 10.200.30.1 (Down arrow) Connection Down (Lock) Real Time.
- Remote-FortiGate 10.200.30.1 (Down arrow) Connection Down Real Time.

Refer to the exhibit. What is the purpose of configuring FortiAnalyzer with the settings displayed in the image?
- To increase reliability.
- To expand bandwidth.
- To maximize resiliency.
- To improve security.

What are offline logs on FortiAnalyzer?
- Compressed logs, also known as archive logs.
- Logs that are indexed and stored in the SQL database.
- Any logs collected from offline devices after they boot up.
- Real-time logs that are not yet indexed.

Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)
- Logs from registered devices.
- Database snapshot.
- Report information.
- System information.

Refer to the exhibit. Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?
- FortiAnalyzer1 and FortiAnalyzer3.
- All devices listed can be members.
- FortiAnalyzer1 and FortiAnalyzer2.
- FortiAnalyzer2 and FortiAnalyzer3.

You finished registering a FortiGate device. After traffic starts to flow through FortiGate, you notice that only some of the logs expected are being received on FortiAnalyzer. What could be the reason for the logs not arriving on FortiAnalyzer?
- FortiGate was added to the wrong ADOM type.
- This FortiGate model is not fully supported.
- FortiGate does not have logging configured correctly.
- This FortiGate is part of an HA cluster but it is the secondary device.

An administrator, fortinet, can view logs and perform device management tasks, such as adding and removing registered devices. However, administrator fortinet is not able to create a mail server that can be used to send alert emails. What can be the problem?
- ADOM mode is configured with Advanced mode.
- A trusted host is configured.
- fortinet is assigned the default Standard_User administrative profile.
- fortinet is assigned the default Restricted_User administrative profile.

Which two parameters are used to calculate the Total Quota value available on FortiAnalyzer? (Choose two.)
- Used storage.
- Retention policy.
- Reserved space.
- Total system storage.

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate on FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
- A local wildcard administrator account.
- An administrator group.
- One or more remote LDAP servers.
- LDAP servers IP addresses added as trusted hosts.

An administrator has moved a FortiGate device from the root ADOM to ADOM1. Which two statements are true regarding logs? (Choose two.)
- Analytics logs will be moved to ADOM1 from the root ADOM automatically.
- Archived logs will be moved to ADOM1 from the root ADOM automatically.
- Logs will be present in both ADOMs immediately after the move.
- Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the database.

Which statement about the communication between FortiGate high availability (HA) clusters and FortiAnalyzer is true?
- If devices were registered to FortiAnalyzer before forming a cluster, you can manually add them together.
- FortiAnalyzer distinguishes each cluster member by the IP addresses in log message headers.
- If the HA primary device becomes unavailable, you must remove it from the HA cluster list on FortiAnalyzer.
- The FortiGate HA cluster must be in active-passive mode in order to avoid conflict.

What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?
- There is no need to do anything because the disk will self-recover.
- Run execute format disk to format and restart the FortiAnalyzer device.
- Perform a hot swap of the disk.
- Shut down FortiAnalyzer and replace the disk.

An administrator has configured the following settings: What is the purpose of executing these commands?
- To record the hash value and authentication code of log files.
- To encrypt log transfer between FortiAnalyzer and other devices.
- To create the secure channel used by the OFTP process.
- To verify the integrity of the log files received.

Which statement correctly describes RAID 10 (1+0) on FortiAnalyzer?
- A configuration with four disks, each with 2 TB of capacity, provides a total space of 4 TB.
- It combines mirroring, striping, and distributed parity to provide performance and fault tolerance.
- A configuration with four disks, each with 2 TB of capacity, provides a total space of 2 TB.
- It uses striping to provide performance and fault tolerance.

Refer to the exhibit, which shows the HA configuration settings of a FortiAnalyzer device. The administrator wants to join this FortiAnalyzer to an existing HA cluster. What can you conclude from the configuration displayed?
- After joining the cluster, this FortiAnalyzer will forward received logs to its peers.
- This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
- This FortiAnalyzer is configured to route HA traffic through a gateway.
- This FortiAnalyzer will join the existing HA cluster as the secondary.

Which two parameters impact the amount of reserved disk space required by FortiAnalyzer? (Choose two.)
- Total quota.
- License type.
- RAID level.
- Disk size.

Refer to the exhibit. The exhibit shows the creation of a new administrator on FortiAnalyzer. The new account uses the credentials stored on an LDAP server. Why would an administrator configure a password for this account?
- This password is used if the authentication server becomes unreachable.
- This password authenticates FortiAnalyzer against the LDAP server.
- This password is set to comply with FortiAnalyzer password policy.
- This password is required because this is a restricted user.

In a Fortinet Security Fabric, what can make an upstream FortiGate create traffic logs associated with sessions initiated on downstream FortiGate devices?
- The traffic destination is another FortiGate in the fabric.
- The upstream FortiGate is configured to do NAT.
- Log redundancy is configured in the fabric.
- The downstream device cannot connect to FortiAnalyzer.

Which two statements about high availability (HA) on FortiAnalyzer are true? (Choose two.)
- FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
- FortiAnalyzer HA active-passive mode can function without VRRP.
- All devices in a FortiAnalyzer HA cluster must run in the same operation mode, either analyzer mode or collector mode.
- All devices in a FortiAnalyzer HA cluster must have the same available disk space.

Which two statements about deleting ADOMs are true? (Choose two.)
- Logs must be purged or migrated before you can delete an ADOM.
- ADOMs with registered devices cannot be deleted.
- Default ADOMs cannot be deleted.
- The status of the ADOMs must be unlocked.

Refer to the exhibit. The capture displayed was taken on a FortiAnalyzer. Why is a single IP address shown as the source for all logs received?
- FortiAnalyzer is using the device MAC addresses to differentiate their logs.
- The logs belong to devices that are part of a high availability (HA) cluster.
- FortiAnalyzer is receiving logs from the root FortiGate of a Security Fabric.
- The device sending logs has two VDOMs in the same ADOM.

What does the disk status Degraded mean for RAID management?
- The hard drive is no longer being used by the RAID controller.
- One or more drives are missing from the FortiAnalyzer unit.
- The device is writing data to the disk to restore the volume to an optimal state.
- FortiAnalyzer determined that the parity data in the disk is not valid.

Which process is responsible for enforcing the log file size?
- oftpd.
- miglogd.
- sqlplugind.
- logfiled.

Which two statements about FortiAnalyzer operating modes are true? (Choose two.)
- When in collector mode, FortiAnalyzer offloads the log receiving task to the analyzer.
- When in analyzer mode, FortiAnalyzer supports event management and reporting features.
- For the collector, you should allocate most of the disk space to analytics logs.
- Analyzer mode is the default operating mode.

Which two statements regarding FortiAnalyzer log forwarding modes are true? (Choose two.)
- Both modes, forwarding and aggregation, support encryption of logs between devices.
- In aggregation mode, you can forward logs to syslog and CEF servers.
- Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
- Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

You are trying to initiate an authorization request from FortiGate to FortiAnalyzer, but the Security Fabric window does not open when you click Authorize. Which two reasons can cause this to happen? (Choose two.)
- A pre-shared key needs to be established on both sides.
- The management computer does not have connectivity to the authorization IP address and port combination.
- The Security Fabric root is unauthorized and needs to be added as a trusted host.
- The fabric authorization settings on FortiAnalyzer are misconfigured.

Which two methods can you use to restrict administrative access on FortiAnalyzer? (Choose two.)
- Configure trusted hosts.
- Limit access to specific virtual domains.
- Fabric connectors to external LDAP servers.
- Use administrator profiles.

Which statement is true when you are upgrading the firmware on an HA cluster made up of three FortiAnalyzer devices?
- You can perform the firmware upgrade using only a console connection.
- All FortiAnalyzer devices will be upgraded at the same time.
- Enabling uninterruptible-upgrade prevents normal operations from being interrupted during the upgrade.
- First, upgrade the secondary devices, and then upgrade the primary device.

Which three RAID configurations provide fault tolerance on FortiAnalyzer? (Choose three.)
- RAID 0.
- RAID 5.
- RAID 1.
- RAID 6+0.
- RAID 0+0.

Refer to the exhibit. Based on the output, what can you conclude about the FortiAnalyzer logging status?
- The connection between FortiGate and FortiAnalyzer is overloaded.
- FortiGate has logs to send, but FortiAnalyzer is unavailable.
- FortiGate is configured to send logs in batches.
- FortiGate is sending logs again after it performed a reboot.

What are analytics logs on FortiAnalyzer?
- Logs that are saved in the active log file with the .log extension.
- Logs that are compressed and saved to a log file with the .gz extension.
- Logs that are rolled over when the log file reaches a specific size.
- Logs that are indexed and stored in the SQL database.

Which process caches logs on FortiGate when FortiAnalyzer is not reachable?
- sqlplugind.
- miglogd.
- logfiled.
- oftpd.

Which two statements regarding the log synchronization states for HA on FortiAnalyzer are true? (Choose two.)
- With Initial Logs Sync, when you add a unit to an HA cluster, the primary device synchronizes its logs with the backup device.
- When Log Data Sync is turned on, the backup device reboots and then rebuilds the log database with the synchronized logs.
- By default, Log Data Sync is disabled on all backup devices.
- Log Data Sync provides real-time log synchronization to all backup devices.

Which two statements are true about FortiAnalyzer log forwarding modes? (Choose two.)
- Both modes, forwarding and aggregation, send logs as soon as they are received.
- Aggregation mode requires two FortiAnalyzer devices.
- Forwarding mode forwards logs to other FortiAnalyzer devices, syslog servers, or CEF servers.
- Forwarding mode requires configuration on the server side.

Refer to the exhibit. Based on the output, what can you conclude about the FortiAnalyzer logging status?
- FortiGate is sending logs again after it performed a reboot.
- FortiGate has logs to send, but FortiAnalyzer is unavailable.
- FortiGate is configured to send logs in batches.
- The connection between FortiGate and FortiAnalyzer is overloaded.

Which two statements about creating ADOMs are true? (Choose two.)
- An administrator with the default Standard_User profile can create ADOMs.
- Disk quotas can be defined per device inside the ADOM.
- FortiAnalyzer creates default ADOMs when ADOMs are enabled.
- The ADOM type you create must match the device type you are planning to add.

Which two of the available registration methods place the device automatically in its assigned ADOM? (Choose two.)
- Serial number.
- Pre-shared key.
- Fabric Authorization.
- Request from the device.

For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)
- Identity collector.
- Identity provider.
- Principal.
- Service provider.

What is the purpose of the FortiAnalyzer command execute format disk?
- To reset all settings from flash except the current IP addresses and routes.
- To erase all device settings and images, databases, and log data from the disk, but preserve the IP and routing info.
- To perform a low-level format of the disk, overwriting the hard disk with random data.
- To reset to factory default settings from flash.

Which statement is true about ADOMs?
- A fabric ADOM can include all the device types supported by FortiAnalyzer.
- When a FortiAnalyzer Fabric is implemented, the default ADOM mode is set to advanced.
- In normal mode, you cannot change the disk quota of the ADOM after its creation.
- You can change the ADOM mode only through the GUI.

Which statement regarding the FortiAnalyzer Fabric is true?
- The Fabric supervisor collects logs from the Fabric members.
- Logging devices can register to the Fabric supervisor or to Fabric members.
- Fabric members support HA.
- Administrators can create new incidents from the Fabric supervisor.

If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?
- The configured priority is checked first.
- The active port number is checked first.
- The preferred role is checked first.
- The configured IP address is checked first.

For which two purposes would you use the command set log-checksum? (Choose two.)
- To encrypt log communications and data.
- To prevent log modification or tampering.
- To protect log data from man-in-the-middle attacks.
- To send an identical set of logs to a second logging server.

An administrator has moved a registered logging device out of one ADOM and into a new ADOM. What is the purpose of running the following command: execute sql-local rebuild-adom ?
- To reset the ADOM disk quota enforcement to its default value.
- To migrate the archive logs to the new ADOM.
- To populate the new ADOM with analytical logs for the moved device, so you can run reports.
- To remove the analytics logs of the device from the old database.
