

Fortinet NSE5_FAZ-7.0 Exam

Questions 11-20 of 35

Question 11
When working with FortiAnalyzer reports, what is the purpose of a dataset?
A. To set the data included in templates
B. To retrieve data from the database
C. To provide the layout used for reports
D. To define the chart type to be used

Question 12
Which two statements are true regarding log fetching on FortiAnalyzer? (Choose two.)
A. Log fetching allows the administrator to fetch analytics logs from another FortiAnalyzer for redundancy.
B. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end.
C. Log fetching can be done only on two FortiAnalyzer devices that are running the same firmware version.
D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device.

Question 13
Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.)
A. By deploying different FortiAnalyzer devices in both modes, you can improve their overall performance.
B. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format.
C. When in collector mode, FortiAnalyzer supports event management and reporting features.
D. Collector mode is the default operating mode.

Question 14
Which statement is true about sending notifications with incident updates?
A. You can send notifications to multiple external platforms.
B. If you use multiple fabric connectors, all connectors must have the same notification settings.
C. Notifications can be sent only by email.
D. Notifications can be sent only when an incident is updated or deleted.

Question 15
Which SQL query is in the correct order to query the database in the FortiAnalyzer?
A. SELECT devid WHERE 'user'='USER1' FROM $log GROUP BY devid
B. FROM $log WHERE 'user'='USER1' SELECT devid GROUP BY devid
C. SELECT devid FROM $log WHERE 'user'='USER1' GROUP BY devid
D. SELECT devid FROM $log GROUP BY devid WHERE 'user'='USER1'


Question 16
A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer.
What can you do on FortiAnalyzer to accomplish this?
A. Click Task Monitor and view the tasks performed by that administrator.
B. Click Fabric View and view the tasks performed by the rogue administrator.
C. Click Log View and generate a report for that administrator.
D. Click FortiView and generate a report for that administrator.

Question 17
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
A. Both modes, forwarding and aggregation, support encryption of logs between devices.
B. In aggregation mode, you can forward logs to syslog and CEF servers as well.
C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Question 18
After you have moved a registered logging device out of one ADOM and into a new ADOM, what is the purpose of running the following CLI command?
execute sql-local rebuild-adom
A. To reset the disk quota enforcement to default
B. To migrate the archive logs to the new ADOM
C. To remove the analytics logs of the device from the old database
D. To populate the new ADOM with analytical logs for the moved device, so you can run reports

Question 19
Which statement is true regarding Macros on FortiAnalyzer?
A. Macros are predefined templates for reports and cannot be customized.
B. Macros are useful in generating Excel log files automatically based on the report settings.
C. Macros are supported only on the FortiGate ADOM.
D. Macros are ADOM specific and each ADOM has unique macros relevant to that ADOM.

Question 20
What is the purpose of output variables?
A. To display details of the connectors used by a playbook
B. To store playbook execution statistics
C. To save all the task settings when a playbook is exported
D. To use the output of the previous task as the input of the current task