On the RAID management page, the disk status is listed as Initializing.
What does the status Initializing indicate about what the FortiAnalyzer is currently doing?
- A . FortiAnalyzer is ensuring that the parity data of a redundant drive is valid
- B . FortiAnalyzer is writing data to a newly added hard drive to restore it to an optimal state
- C . FortiAnalyzer is writing to all of its hard drives to make the array fault tolerant
- D . FortiAnalyzer is functioning normally
C
Explanation:
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/4cb0dce6-dbef-11e9-8977-00505692583a/FortiAnalyzer-5.6.10-Administration-Guide.pdf (40)
What is the recommended method of expanding disk space on a FortiAnalyzer VM?
- A . From the VM host manager, add an additional virtual disk and use the #execute lvm extend <disk number> command to expand the storage
- B . From the VM host manager, expand the size of the existing virtual disk
- C . From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk
- D . From the VM host manager, add an additional virtual disk and rebuild your RAID array
A
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40848
On FortiAnalyzer, what is a wildcard administrator account?
- A . An account that permits access to members of an LDAP group
- B . An account that allows guest access with read-only privileges
- C . An account that requires two-factor authentication
- D . An account that validates against any user account on a FortiAuthenticator
A
Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/747268/configuring-wildcard-admin-accounts
Consider the CLI command:
What is the purpose of the command?
- A . To add a unique tag to each log to prove that it came from this FortiAnalyzer
- B . To add the MD5 hash value and authentication code
- C . To add a log file checksum
- D . To encrypt log communications
C
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/cli-reference/849211/global
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with SSL? (Choose two.)
- A . SSL is the default setting.
- B . SSL communications are auto-negotiated between the two devices.
- C . SSL can send logs in real-time only.
- D . SSL encryption levels are globally set on FortiAnalyzer.
- E . FortiAnalyzer encryption level must be equal to, or higher than, FortiGate.
You need to upgrade your FortiAnalyzer firmware.
What happens to the logs being sent to FortiAnalyzer from FortiGate during the time FortiAnalyzer is temporarily unavailable?
- A . FortiAnalyzer uses log fetching to retrieve the logs when back online
- B . FortiGate uses the miglogd process to cache the logs
- C . The logfiled process stores logs in offline mode
- D . Logs are dropped
What statements are true regarding FortiAnalyzer ‘s treatment of high availability (HA)
dusters? (Choose two)
- A . FortiAnalyzer distinguishes different devices by their serial number.
- B . FortiAnalyzer receives logs from d devices in a duster.
- C . FortiAnalyzer receives bgs only from the primary device in the cluster.
- D . FortiAnalyzer only needs to know (he serial number of the primary device in the cluster-it automaticaly discovers the other devices.
What can you do on FortiAnalyzer to restrict administrative access from specific locations?
- A . Configure trusted hosts for that administrator.
- B . Enable geo-location services on accessible interface.
- C . Configure two-factor authentication with a remote RADIUS server.
- D . Configure an ADOM for respective location.
A
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
View the exhibit.
Why is the total quota less than the total system storage?
- A . 3.6% of the system storage is already being used.
- B . Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files
- C . The oftpd process has not archived the logs yet
- D . The logfiled process is just estimating the total quota
B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/368682/disk-space-allocation
Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts?
- A . Antivirus logs
- B . Web filter logs
- C . IPS logs
- D . Application control logs
B
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/3600_FortiView/0200_Using_FortiView/1200_Compromised_hosts_page.htm?TocPath=FortiView%7CUsing%20FortiView%7C_____6
If you upgrade the FortiAnalyzer firmware, which report element can be affected?
- A . Custom datasets
- B . Report scheduling
- C . Report settings
- D . Output profiles
A
Explanation: https://docs.fortinet.com/document/fortianalyzer/6.2.5/upgrade-guide/669300/checking-reports
What is the main purpose of using an NTP server on FortiAnalyzer and all of its registered devices?
- A . Log correlation
- B . Host name resolution
- C . Log collection
- D . Real-time forwarding
Which statement is true regarding Macros on FortiAnalyzer?
- A . Macros are ADOM specific and each ADOM will have unique macros relevant to that ADOM.
- B . Macros are supported only on the FortiGate ADOM.
- C . Macros are useful in generating excel log files automatically based on the reports settings.
- D . Macros are predefined templates for reports and cannot be customized.
D
Explanation:
Reference: https://docs2.fortinet.com/document/fortianalyzer/6.2.3/administration-guide/617380/creating-macros
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log
settings?
- A . The log file is stored as a raw log and is available for analytic support.
- B . The log file rolls over and is archived.
- C . The log file is purged from the database.
- D . The log file is overwritten.
B
Explanation:
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/6d9f8fb5-6cf4-11e9-81a4-00505692583a/FortiAnalyzer-6.0.5-Administration-Guide.pdf
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/355632/log-browse
What FortiView tool can you use to automatically build a dataset and chart based on a filtered search result?
- A . Chart Builder
- B . Export to Report Chart
- C . Dataset Library
- D . Custom View
B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.0/cookbook/989203/building-charts-with-chart-builder
What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)
- A . All FortiGates can send logs to FortiAnalyzer using the store and upload option.
- B . Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.
- C . Both secure communications methods (SSL and IPsec) allow the store and upload option.
- D . Disk logging is enabled on the FortiGate through the CLI only.
- E . Disk logging is enabled by default on the FortiGate.
An administrator has moved FortiGate A from the root ADOM to ADOM1. However, the administrator is not able to generate reports for FortiGate A in ADOM1.
What should the administrator do to solve this issue?
- A . Use the execute sql-local rebuild-db command to rebuild all ADOM databases.
- B . Use the execute sql-local rebuild-adom ADOM1 command to rebuild the ADOM database.
- C . Use the execute sql-report run ADOM1 command to run a report.
- D . Use the execute sql-local rebuild-adom root command to rebuild the ADOM database.
B
Explanation:
Reference: https://help.fortinet.com/fmgr/cli/5-6-1/FortiManager_CLI_Reference/700_execute/sql-local+.htm
Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)
- A . A local wildcard administrator account
- B . A remote LDAP server
- C . A trusted host profile that restricts access to the LDAP group
- D . An administrator group
B,A
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38567
View the exhibit:
What does the 1000MB maximum for disk utilization refer to?
- A . The disk quota for the FortiAnalyzer model
- B . The disk quota for all devices in the ADOM
- C . The disk quota for each device in the ADOM
- D . The disk quota for the ADOM type
B
Explanation: https://docs.fortinet.com/document/fortianalyzer/6.2.0/administration-guide/743670/configuring-log-storage-policy
Refer to the exhibit.
The exhibit shows “remoteservergroup” is an authentication server group with LDAP and RADIUS servers.
Which two statements express the significance of enabling “Match all users on remote server” when configuring a new administrator? (Choose two.)
- A . It creates a wildcard administrator using LDAP and RADIUS servers.
- B . Administrator can log in to FortiAnalyzer using their credentials on remote servers LDAP and RADIUS.
- C . Use remoteadmin from LDAP and RADIUS servers will be able to log in to FortiAnalyzer at anytime.
- D . It allows administrators to use two-factor authentication.
B,C
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/7.0.1/administration-guide/858351/creating-administrators
Which two statements are true regarding ADOM modes? (Choose two.)
- A . You can only change ADOM modes through CLI.
- B . In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advance mode, the disk quota of the ADOM is flexible because new devices are added to the ADOM.
- C . In an advanced mode ADOM. you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
- D . Normal mode is the default ADOM mode.
C,D
Explanation:
Reference: https://help.fortinet.com/fa/faz50hlp/56/5-6-1/FMG-FAZ/0800_ADOMs/0400_ADOM%20Device%20Modes.htm
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command?
execute sql-local rebuild-adom <new-ADOM-name>
- A . To reset the disk quota enforcement to default
- B . To remove the analytics logs of the device from the old database
- C . To migrate the archive logs to the new ADOM
- D . To populate the new ADOM with analytical logs for the moved device, so you can run reports
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:
- A . Use DNS
- B . Use host name resolution
- C . Use real-time forwarding
- D . Use an NTP server
If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the
FortiAnalyzer back to functioning normally, without losing data?
- A . Hot swap the disk
- B . Replace the disk and rebuild the RAID manually
- C . Take no action if the RAID level supports a failed disk
- D . Shut down FortiAnalyzer and replace the disk
D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD46446#:~:text=On%20FortiAnalyzer%2FFortiManager%20devices%20that, to%20exchanging%20the%20hard%20disk.
If a hard disk on a FortiAnalyzer unit fails, it must be replaced. On FortiAnalyzer devices that support hardware RAID, the hard disk can be replaced while the unit is still running C known as hot swapping. On FortiAnalyzer units with software RAID, the device must be shutdown prior to exchanging the hard disk.
Reference: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-swap-Hard-Disk-on-FortiAnalyzer/ta-p/194997?externalID=FD41397#:~:text=If%20a%20hard%20disk%20on,process%20known%20as%20hot%20swapping
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)
- A . Must configure the FortiAnalyzer end of the tunnel only–the FortiGate end is auto-negotiated.
- B . Must establish an IPsec tunnel ID and pre-shared key.
- C . IPsec cannot be enabled if SSL is enabled as well.
- D . IPsec is only enabled through the CLI on FortiAnalyzer.
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
- A . To properly correlate logs
- B . To use real-time forwarding
- C . To resolve host names
- D . To improve DNS response times
In FortiAnalyzer’s FormView, source and destination IP addresses from FortiGate devices are not resolving to a hostname.
How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?
- A . Configure local DNS servers on FortiAnalyzer
- B . Resolve IPs on FortiGate
- C . Configure # set resolve-ip enable in the system FortiView settings
- D . Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve
How do you restrict an administrator’s access to a subset of your organization’s ADOMs?
- A . Set the ADOM mode to Advanced
- B . Assign the ADOMs to the administrator’s account
- C . Configure trusted hosts
- D . Assign the default Super_User administrator profile
B
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/717578/assigning-administrators-to-an-adom
A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer.
What can you do on FortiAnalyzer to accomplish this?
- A . Click FortiView and generate a report for that administrator.
- B . Click Task Monitor and view the tasks performed by that administrator.
- C . Click Log View and generate a report for that administrator.
- D . View the tasks performed by the rogue administrator in Fabric View.
B
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/6.4.1/administration-guide/792943/task-monitor
How can you configure FortiAnalyzer to permit administrator logins from only specific locations?
- A . Use static routes
- B . Use administrative profiles
- C . Use trusted hosts
- D . Use secure protocols
C
Explanation:
https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/186508/trusted-hosts