Is the FCP-FAZ-AN-7-6 practice exam free?

Yes. ExamCademy offers all 53 FCP-FAZ-AN-7-6 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the FCP-FAZ-AN-7-6 practice questions?

All FCP-FAZ-AN-7-6 questions are community-created and reviewed by moderators to align with Fortinet's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the FCP-FAZ-AN-7-6 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Fortinet documentation and hands-on experience for best results.

FCP-FAZ-AN-7-6 Practice Exam — Free 53+ Questions

53Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Features and concepts

Question 2

Log Analysis

Question 3

SOC operation and automation

Question 4

Features and concepts

Question 5

Reports

Question 6

Reports

Question 7

Features and concepts

Question 8

SOC operation and automation

Question 9

SOC operation and automation

Question 10

Log Analysis

Question 11

Features and concepts

Question 12

Features and concepts

Question 13

Features and concepts

Question 14

Reports

Question 15

Log Analysis

Question 16

Features and concepts

Question 17

Features and concepts

Question 18

Features and concepts

Question 19

Features and concepts

Question 20

Features and concepts

Question 21

Log Analysis

Question 22

Reports

That's the end of the Preview

This exam has 53 community-verified practice questions. Create a free account to access all questions, comments, and explanations.

Topics covered:

Features and conceptsLog AnalysisSOC operation and automationReports

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 53

1 2 3

→

Know a question that should be here? Contribute to this exam

You are trying to configure a task in the playbook editor to run a report. However, when you try to select the desired report you do not see it listed.
What is the reason?

A The report template needs to be switched to one that is available for playbooks.
B You must create a trigger to run the report first.
C The playbook is currently running and the report will be available after it is finished.
D The report does not have auto-cache and extended log filtering enabled.

Refer to the exhibit.

Question Image

What does the data point at 21:20 indicate?

A FortiAnalyzer is indexing logs faster than logs are being received.
B The sqlpugind daemon is behind in receiving logs by one log.
C The fortilogd daemon is ahead in indexing by one log.
D The log insert lag time is high.

Which three modules does FortiAnalyzer automatically download content from with a valid SOC Automation service license? (Choose three.)

A Report templates
B Dashboards
C Event handlers
D Active Connectors
E Playbooks
F Incident templates

Which two parameters does FortiAnalyzer use to identify an indicator of compromise (IOC)? (Choose two.)

A Application category
B IP address
C URL
D Policy ID

An analyst needs to move reports between two ADOMs.
Which two statements are true? (Choose two.)

A All charts and datasets associated with the report will be imported together.
B The date and time will be appended to the original report name to avoid conflicts.
C The ADOMs must be compatible types.
D The reports must be converted into templates first.

After generating a report you notice that the information you were expecting to see is not included in that report. However, you confirm that the logs are there.
Which two actions must you perform? (Choose two.)

A Test the dataset.
B Check the time frame covered by the report.
C Increase the report utilization quota.
D Enable auto-cache.

Which three types of traffic does the safeguarding event handler scan? (Choose three.)

A Web
B Application
C VoIP
D Email
E DNS

What are the two methods you can use to send notifications when an event is generated by an event handler? (Choose two.)

A Send an alert through the FortiGuard server.
B Send an alert through Fabric connectors.
C Send SMS notification.
D Send SNMP trap.

In your role as an analyst, you frequently search the log view using the same parameters.
Instead of defining the same search filters repeatedly, what can you do to save time?

A Configure a custom dashboard.
B Configure a chart template and apply it to device groups.
C Configure a report template.
D Configure a custom view.

When there are no matching parsers for a device log, what does FortiAnalyzer do?

A Stores the log but doesn’t normalize it
B Applies the generic SYSLOG parser
C Drops the log
D Archives the log for future analysis

Refer to the exhibit.

Question Image

What does the orange status indicator on the FortiGuard Connector indicate?

A The connection is down.
B The connection is successful.
C The connection is unknown.
D The connection is disconnected.

How does FortiAnalyzer block indicators?

A It uses a webhook to allow FortiGate to send the block list.
B It uses a FortiClient EMS connector to send the block list.
C It uses a FortiManager connector to send the block list.
D It uses an automation script to update FortiGate with the block list.

What is the purpose of running the command diagnose sql status sqlreportd?

A To identify the configuration status of all configured reports
B To view a list of current reports that are running
C To display the SQL query connections and hcache status
D To list the current running SQL processes

Which two actions should you take to view compromised hosts on FortiAnalyzer? (Choose two.)

A Enable device detection on FortiGate devices that are sending logs to FortiAnalyzer.
B Enable web filtering in firewall policies on FortiGate devices, and make sure the FortiGate logs are sent to FortiAnalyzer.
C Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
D Subscribe to the Outbreak Detection Service so that the FortiAnalyzer has the latest event handlers.

Refer to the exhibit.

Question Image

What can you conclude from this output?

A The allocated disk quota to ADOM1 is 3 GB.
B There is no disk quota allocated to quarantining files.
C Archive logs are using more space than analytic logs.
D ADOM1 has 300 MB of disk space remaining.

Which two statements about local logs on FortiAnalyzer are true? (Choose two.)

A Playbook logs for all ADOMs are in the root ADOM.
B Application control logs are ADOM specific.
C Local logs are not displayed in FortiView.
D Event logs are available in the root ADOM.

In a FortiAnalyzer Fabric deployment, which three modules from Fabric members are available for analysis on the supervisor? (Choose three.)

A Reports
B Playbooks
C Logs
D Indicators
E Events

Which statement about automation connectors on FortiAnalyzer is true?

A An ADOM with the Fabric type comes with multiple connectors configured.
B The local connector comes online once you have a playbook task referencing it.
C The actions available with FortiOS connectors are determined by automation rules configured on FortiGate.
D The playbook module must be enabled before external connectors are displayed.

Which three types of indicators can FortiAnalyzer identify? (Choose three.)

A Email address
B Host name
C Domain
D URL
E IP address

When managing incidents on FortiAnalyzer, which fact must an analyst be aware of?

A The status of the incident is always linked to the status of the attached event.
B A playbook can be run from the Incidents page.
C Incidents must be acknowledged before they can be analyzed.
D Indicators found on the Incidents page can be enriched only from the Indicators page.

You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but so far, you have been unsuccessful.
Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

A Review the ADOM data policy.
B Check logs in Log Browse.
C Disable FortiView using the CLI and then enable it again.
D Rebuild the SQL database and check FortiView.

What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)

A The size of newly generated reports is optimized to conserve disk space.
B The hcache data is updated automatically when new logs are received.
C The report generation time is reduced.
D FortiAnalyzer local cache is used to store generated reports.

FCP-FAZ-AN-7-6Preview

About the FCP-FAZ-AN-7-6 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

That's the end of the Preview

FCP-FAZ-AN-7-6Preview

About the FCP-FAZ-AN-7-6 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

That's the end of the Preview