Question 21
Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)
A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
B. Make sure all endpoints are reachable by FortiAnalyzer.
C. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
D. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
Question 22
A playbook contains five tasks in total. An administrator executed the playbook and four out of five tasks finished successfully, but one task failed.
What will be the status of the playbook after its execution?
A. Failed
B. Success
C. Upstream_failed
D. Running
Question 23
Refer to the exhibit.
Which image corresponds to the packet capture shown in the exhibit?
A.
B.
C.
D.
Question 24
Refer to the exhibit.
Which two statements are true regarding enabling auto-cache on FortiAnalyzer? (Choose two.)
A. Enabling auto-cache reduces report generation time for reports that require a long time to assemble datasets.
B. This feature is automatically enabled for scheduled reports.
C. Reports will be cached in the memory.
D. Report size will be optimized to conserve disk space on FortiAnalyzer.
Question 25
You created a playbook on FortiAnalyzer that uses a FortiOS connector.
When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?
A. FortiAnalyzer Event Handler
B. Incoming webhook
C. FortiOS Event Log
D. Fabric Connector event
Question 26
Refer to the exhibits.
How many events will be added to the incident created after running this playbook?
A. No events will be added.
B. Ten events will be added.
C. Five events will be added.
D. Thirteen events will be added.
Question 27
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
A. Playbooks can be exported and imported only within the same FortiAnalyzer.
B. You can export only one playbook at a time.
C. A playbook that was disabled when it was exported, will be disabled when it is imported.
D. You can import a playbook even if there is another one with the same name in the destination.
Question 28
If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?
A. The firmware version is checked first.
B. The active port number is checked first.
C. The configured IP address is checked first.
D. The configured priority is checked first.
Question 29
Refer to the exhibit.
The image displays the configuration of a FortiAnalyzer the administrator wants to join to an existing HA cluster.
What can you conclude from the configuration displayed?
A. This FortiAnalyzer will join to the existing HA cluster as the primary.
B. This FortiAnalyzer is configured to receive logs in its port1.
C. This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds.
D. After joining to the cluster, this FortiAnalyzer will keep an updated log database.
Question 30
For which two purposes would you use the command set log checksum? (Choose two.)
A. To prevent log modification or tampering
B. To send an identical set of logs to a second logging server
C. To encrypt log communications
D. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server
