Refer to the exhibit.
Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.
Which filter will achieve the desired result?
A. operation-login & dstip==10.1.1.210 & user!-admin
B. operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin
C. operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin
D. operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin
Which daemon is responsible for enforcing the log file size?
A. sqlplugind
B. logfiled
C. miglogd
D. oftpd
Which SQL query is in the correct order to query the database in the FortiAnalyzer?
A. SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'
B. SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid
C. SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid
D. FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid
Refer to the exhibit.
The exhibit shows the creation of a new administrator on FortiAnalyzer.
What are two effects of enabling the choice Match all users on remote server when
configuring a new administrator? (Choose two.)
A. It allows user accounts in the LDAP server to use two-factor authentication.
B. It creates a wildcard administrator using an LDAP server.
C. User Remote-Admin from the LDAP server will be able to log in to FortiAnalyzer at any time.
D. Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP server.
What does the disk status Degraded mean for RAID management?
A. The hard drive is no longer being used by the RAID controller.
B. One or more drives are missing from the FortiAnalyzer unit.
C. The device is writing data to the disk to restore the volume to an optimal state.
D. FortiAnalyzer determined that the parity data in the disk is not valid.
Explanation: When the RAID status is Degraded, it typically indicates that one or more drives in the RAID array have failed or are missing, causing the RAID array to operate with reduced redundancy. In this state, the array is still functioning, but it's at risk because the fault tolerance provided by RAID is compromised.
Which two purposes does the auto cache setting on reports serve? (Choose two.)
A. It automatically updates the hcache when new logs arrive.
B. It provides diagnostics on report generation time.
C. It reduces the log insert lag rate.
D. It reduces report generation time.
Refer to the exhibit.
Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
A. Report size will be optimized to conserve disk space on FortiAnalyzer.
B. Reports will be cached in the memory.
C. This feature is automatically enabled for scheduled reports.
D. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.
The connection status of a new device on FortiAnalyzer is listed as Unauthorized.
What does that status mean?
A. It is a device whose registration has not yet been accepted in FortiAnalyzer.
B. It is a device that has not yet been assigned an ADOM.
C. It is a device that is waiting for you to configure a pre-shared key.
D. It is a device that FortiAnalyzer does not support.
You have recently grouped multiple FortiGate devices into a single ADOM. System Settings > Storage Info shows the quota used.
What does the disk quota refer to?
A. The maximum disk utilization for each device in the ADOM
B. The maximum disk utilization for the FortiAnalyzer model
C. The maximum disk utilization for the ADOM type
D. The maximum disk utilization for all devices in the ADOM
Which daemon is responsible for enforcing raw log file size?
A. logfiled
B. oftpd
C. sqlplugind
D. miglogd
What is the purpose of the following CLI command?
A. To add a log file checksum
B. To add the MD5 hash value and authentication code
C. To add a unique tag to each log to prove that it came from this FortiAnalyzer
D. To encrypt log communications
Which statement correctly describes RAID 10 (1+0) on FortiAnalyzer?
A. A configuration with four disks, each with 2 TB of capacity, provides a total space of 4 TB.
B. It combines mirroring, striping, and distributed parity to provide performance and fault tolerance.
C. A configuration with four disks, each with 2 TB of capacity, provides a total space of 2 TB.
D. It uses striping to provide performance and fault tolerance.