Question 1
What is the best approach to handle a hard disk failure on a FortiAnalyzer that supports hardware RAID?
A. Hot swap the disk.
B. There is no need to do anything because the disk will self-recover.
C. Shut down FortiAnalyzer and replace the disk.
D. Run execute format disk to format and restart the FortiAnalyzer device.
Question 2
Refer to the exhibit.
Which statement is correct regarding the event displayed?
A. An incident was created from this event.
B. The security risk was blocked or dropped.
C. The security event risk is considered open.
D. The risk source is isolated.
Question 3
Which statement correctly describes the management extensions available on FortiAnalyzer?
A. Management extensions do not require additional licenses.
B. Management extensions may require a minimum number of CPU cores to run.
C. Management extensions allow FortiAnalyzer to act as a FortiSIEM supervisor.
D. Management extensions require a dedicated VM for best performance.
Question 4
In Log View, you can use the Chart Builder feature to build a dataset and chart based on the filtered search results.
Similarly, which feature can you use for FortiView?
A. Export to Custom Chart
B. Export to PDF
C. Export to Chart Builder
D. Export to Report Chart
Question 5
Which daemon is responsible for enforcing the log file size?
A. logfiled
B. oftpd
C. sqlplugind
D. miglogd
Question 6
For which two SAML roles can the FortiAnalyzer be configured? (Choose two.)
A. Principal
B. Identity provider
C. Identity collector
D. Service provider
Question 7
Which two elements are contained in a system backup created on FortiAnalyzer? (Choose two.)
A. Report information
B. Database snapshot
C. System information
D. Logs from registered devices
Question 8
What is required to authorize a FortiGate on FortiAnalyzer using Fabric authorization?
A. A pre-shared key
B. The FortiGate serial number
C. A FortiGate ADOM
D. Valid FortiAnalyzer credentials
Question 9
Which two statements are true regarding high availability (HA) on FortiAnalyzer? (Choose two.)
A. FortiAnalyzer HA can function without VRRP, and VRRP is required only if you have more than two FortiAnalyzer devices in a cluster.
B. FortiAnalyzer HA supports synchronization of logs as well as some system and configuration settings.
C. All devices in a FortiAnalyzer HA cluster must run in the same operation mode: analyzer or collector.
D. FortiAnalyzer HA implementation is supported by all cloud providers.
Question 10
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
A. FortiView Monitor
B. Threat hunting
C. Incidents dashboards
D. Outbreak alert services
