Fortinet FCP_FAZ_AD-7.4 Dumps

Standalone

Manager

Analyzer

Collector

Use this command only if the source IP addresses are not resolved on FortiGate.

It resolves the source and destination IP addresses to a hostname in FortiView on FortiAnalyzer.

You must configure local DNS servers on FortiGate for this command to resolve IP addresses on Forti Analyzer.

It resolves the destination IP address to a hostname in FortiView on FortiAnalyzer.

Output profile

Report scheduling

SFTP server

SNMP server

RADIUS

Local

LDAP

PKI

TACACS+

The traffic destination is another FortiGate in the fabric.

The upstream FortiGate is configured to do NAT

Log redundancy is configured in the fabric.

The downstream device cannot connect to FortiAnalyzer.

RAIDO

RAID 5

RAID1

RAID 6+0

RAID 0+0

Used storage

Retention policy

Reserved space

Total system storage

It automatically updates the hcache when new logs arrive.

It provides diagnostics on report generation time.

It reduces the log insert lag rate.

It reduces report generation time.

Set the ADOM mode to Advanced

Assign the ADOMs to the administrator’s account

Configure trusted hosts

Assign the default Super_User administrator profile

It allows user accounts in the LDAP server to use two-factor authentication.

It creates a wildcard administrator using an LDAP server.

User Remote-Admin from the LDAP server will be able to log in to FortiAnalyzer at any time.

Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP server.

Click FortiView and generate a report for that administrator.

Click Task Monitor and view the tasks performed by that administrator.

Click Log View and generate a report for that administrator.

View the tasks performed by the rogue administrator in Fabric View.

FortiAnalyzer Event Handler

Incoming webhook

FortiOS Event Log

Fabric Connector event

ADOM mode is configured with Advanced mode.

A trusted host is configured.

fortinet is assigned the default Standard_User administrative profile.

fortinet is assigned the default Restricted_User administrative profile.

oftpd

miglogd

sqlplugind

logfiled

A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.

Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.

Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.

Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

You enabled auto-cache with extended log filtering.

The logfiled service has not indexed all the expected logs.

The logs were overwritten by the data retention policy.

The time frame selected in the report is wrong.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

operation-login & dstip==10.1.1.210 & userl-admin

operation-login & performed_on=="GUI(10.1.1.210)' & user!=admin

To properly correlate logs

To use real-time forwarding

To resolve host names

To improve DNS response times

The connection between FortiGate and FortiAnalyzer is overloaded.

FortiGate has logs to send, but FortiAnalyzer is unavailable.

FortiGate is configured to send logs in batches.

FortiGate is sending logs again after it performed a reboot.

Ten events will be added.

No events will be added.

Five events will be added.

Thirteen events will be added.

SMS

Email

SNMP

IM

The performance of FortiAnalyzer is below the baseline.

FortiAnalyzer is using its cache to avoid dropping logs.

The log insert lag time is increasing.

The sqlplugind service is caught up with new logs.

logfiled

oftpd

sqlplugind

miglogd

Report size will be optimized to conserve disk space on FortiAnalyzer.

Reports will be cached in the memory.

This feature is automatically enabled for scheduled reports.

Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.

Compressed logs, which are also known as archive logs, are considered to be offline logs.

When you restart FortiAnalyzer. all stored logs are considered to be offline logs.

Logs that are indexed and stored in the SQL database.

Logs that are collected from offline devices after they boot up.

logfiled

sqlplugind

oftpd

miglogd

Logs from registered devices

Database snapshot

Report information

System information

ADOMs are enabled by default.

ADOMs constrain other administrator’s access privileges to a subset of devices in the device list.

Once enabled, the Device Manager, FortiView, Event Management, and Reports tab display per ADOM.

All administrators can create ADOMs--not just the admin administrator.

FortiAnalyzer overwrites the log files.

FortiAnalyzer stops logging.

FortiAnalyzer rolls the active log by renaming the file.

FortiAnalyzer forwards logs to syslog.

Allows you to manage the entire life cycle of a threat or breach.

Its use of the available disk space is capped at 50%.

It requires a licensed FortiSIEM supervisor.

It can be installed as a dedicated VM.

The total disk space is insufficient and you need to add other disk.

CPU resources are too high.

The ADOM disk quota is set too low based on log rates.

Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

CPU resources are too high

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

The total disk space is insufficient and you need to add other disk

The ADOM disk quota is set too low, based on log rates

Configure local DNS servers on FortiAnalyzer

Resolve IPs on FortiGate

Configure # set resolve-ip enable in the system FortiView settings

Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Both modes, forwarding and aggregation, support encryption of logs between devices.

In aggregation mode, you can forward logs to syslog and CEF servers.

Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.

FortiAnalyzer HA can function without VRRP. and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.

FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.

All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.

FortiAnalyzer HA implementation is supported by many public cloud infrastructures such as AWS, Microsoft Azure, and Google Cloud.

FortiAnalyzer1 and FortiAnalyzer3

All devices listed can be members.

FortiAnalyzer1 and FortiAnalyzer2

FortiAnalyzer2 and FortiAnalyzer3

FortiAnalyzer uses log fetching to retrieve the logs when back online

FortiGate uses the miglogd process to cache the logs

The logfiled process stores logs in offline mode

Logs are dropped

You can export only one playbook at a time.

You can import a playbook even if there is another one with the same name in the destination.

Playbooks can be exported and imported only within the same FortiAnaryzer.

A playbook that was disabled when it was exported, will be disabled when it is imported.

A FortiGate ADOM

The FortiGate serial number

A pre-shared key

Valid FortiAnalyzer credentials

Shut down FortiAnalyzer and then replace the disk

Downgrade your RAID level, replace the disk, and then upgrade your RAID level

Clear all RAID alarms and replace the disk while FortiAnalyzer is still running

Perform a hot swap

FortiView

Event Management

Device Manger

Reporting

Success

Failed

Running

Upstream_failed

It can be edited and modified as required

It specifies the report layout which contains predefined texts, charts, and macros

It specifies report settings which contains time period, device selection, and schedule

It contains predefined data to generate mock reports

FortiAnalyzer is ensuring that the parity data of a redundant drive is valid

FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state

FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant

FortiAnalyzer is functioning normally

Configure trusted hosts.

Limit access to specific virtual domains.

Fabric connectors to external LDAP servers.

Use administrator profiles.

3.6% of the system storage is already being used.

Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files

The oftpd process has not archived the logs yet

The logfiled process is just estimating the total quota

They allow FortiAnalyzer to send logs in real-time to public cloud accounts.

You do not need an additional license to send logs to the cloud platform.

Fabric connectors allow you to improve redundancy.

Using fabric connectors is more efficient than using third-party polling with API.

To add a log file checksum

To add the MD’s hash value and authentication code

To add a unique tag to each log to prove that it came from this FortiAnalyzer

To encrypt log communications

Analytics logs will be moved to ADOM1 from the root ADOM automatically.

Archived logs will be moved to ADOM1 from the root ADOM automatically.

Logs will be present in both ADOMs immediately after the move.

Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the database.

Use static routes

Use administrative profiles

Use trusted hosts

Use secure protocols

It requires a FortiManager configured to manage FortiGate

It requires a dedicated FortiSOAR device or VM.

It does not include a limited trial by default.

It runs as a docker container on FortiAnalyzer