You are trying to configure a task in the playbook editor to run a report. However, when you try to select the desired report you do not see it listed.
What is the reason?
AThe report template needs to be switched to one that is available for playbooks.
BYou must create a trigger to run the report first.
CThe playbook is currently running and the report will be available after it is finished.
DThe report does not have auto-cache and extended log filtering enabled.
0
Question 2
Log Analysis
0
Question 3
SOC operation and automation
0
Question 4
Features and concepts
0
Question 5
Reports
0
That's the end of the Preview
This exam has 53 community-verified practice questions. Create a free account to access all questions, comments, and explanations.
Topics covered:
Features and conceptsLog AnalysisSOC operation and automationReports
AFortiAnalyzer is indexing logs faster than logs are being received.
BThe sqlpugind daemon is behind in receiving logs by one log.
CThe fortilogd daemon is ahead in indexing by one log.
DThe log insert lag time is high.
Which three modules does FortiAnalyzer automatically download content from with a valid SOC Automation service license? (Choose three.)
AReport templates
BDashboards
CEvent handlers
DActive Connectors
EPlaybooks
FIncident templates
Which two parameters does FortiAnalyzer use to identify an indicator of compromise (IOC)? (Choose two.)
AApplication category
BIP address
CURL
DPolicy ID
An analyst needs to move reports between two ADOMs.
Which two statements are true? (Choose two.)
AAll charts and datasets associated with the report will be imported together.
BThe date and time will be appended to the original report name to avoid conflicts.
CThe ADOMs must be compatible types.
DThe reports must be converted into templates first.
Question 6
Reports
0
Question 7
Features and concepts
Question 8
SOC operation and automation
Question 9
SOC operation and automation
Question 10
Log Analysis
Question 11
Features and concepts
Question 12
Features and concepts
Question 13
Features and concepts
Question 14
Reports
Question 15
Log Analysis
Question 16
Features and concepts
Question 17
Features and concepts
Question 18
Features and concepts
Question 19
Features and concepts
Question 20
Features and concepts
Question 21
Log Analysis
Question 22
Reports
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
After generating a report you notice that the information you were expecting to see is not included in that report. However, you confirm that the logs are there.
Which two actions must you perform? (Choose two.)
ATest the dataset.
BCheck the time frame covered by the report.
CIncrease the report utilization quota.
DEnable auto-cache.
Which three types of traffic does the safeguarding event handler scan? (Choose three.)
AWeb
BApplication
CVoIP
DEmail
EDNS
What are the two methods you can use to send notifications when an event is generated by an event handler? (Choose two.)
ASend an alert through the FortiGuard server.
BSend an alert through Fabric connectors.
CSend SMS notification.
DSend SNMP trap.
In your role as an analyst, you frequently search the log view using the same parameters.
Instead of defining the same search filters repeatedly, what can you do to save time?
AConfigure a custom dashboard.
BConfigure a chart template and apply it to device groups.
CConfigure a report template.
DConfigure a custom view.
When there are no matching parsers for a device log, what does FortiAnalyzer do?
AStores the log but doesn’t normalize it
BApplies the generic SYSLOG parser
CDrops the log
DArchives the log for future analysis
Refer to the exhibit.
What does the orange status indicator on the FortiGuard Connector indicate?
AThe connection is down.
BThe connection is successful.
CThe connection is unknown.
DThe connection is disconnected.
How does FortiAnalyzer block indicators?
AIt uses a webhook to allow FortiGate to send the block list.
BIt uses a FortiClient EMS connector to send the block list.
CIt uses a FortiManager connector to send the block list.
DIt uses an automation script to update FortiGate with the block list.
What is the purpose of running the command diagnose sql status sqlreportd?
ATo identify the configuration status of all configured reports
BTo view a list of current reports that are running
CTo display the SQL query connections and hcache status
DTo list the current running SQL processes
Which two actions should you take to view compromised hosts on FortiAnalyzer? (Choose two.)
AEnable device detection on FortiGate devices that are sending logs to FortiAnalyzer.
BEnable web filtering in firewall policies on FortiGate devices, and make sure the FortiGate logs are sent to FortiAnalyzer.
CSubscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
DSubscribe to the Outbreak Detection Service so that the FortiAnalyzer has the latest event handlers.
Refer to the exhibit.
What can you conclude from this output?
AThe allocated disk quota to ADOM1 is 3 GB.
BThere is no disk quota allocated to quarantining files.
CArchive logs are using more space than analytic logs.
DADOM1 has 300 MB of disk space remaining.
Which two statements about local logs on FortiAnalyzer are true? (Choose two.)
APlaybook logs for all ADOMs are in the root ADOM.
BApplication control logs are ADOM specific.
CLocal logs are not displayed in FortiView.
DEvent logs are available in the root ADOM.
In a FortiAnalyzer Fabric deployment, which three modules from Fabric members are available for analysis on the supervisor? (Choose three.)
AReports
BPlaybooks
CLogs
DIndicators
EEvents
Which statement about automation connectors on FortiAnalyzer is true?
AAn ADOM with the Fabric type comes with multiple connectors configured.
BThe local connector comes online once you have a playbook task referencing it.
CThe actions available with FortiOS connectors are determined by automation rules configured on FortiGate.
DThe playbook module must be enabled before external connectors are displayed.
Which three types of indicators can FortiAnalyzer identify? (Choose three.)
AEmail address
BHost name
CDomain
DURL
EIP address
When managing incidents on FortiAnalyzer, which fact must an analyst be aware of?
AThe status of the incident is always linked to the status of the attached event.
BA playbook can be run from the Incidents page.
CIncidents must be acknowledged before they can be analyzed.
DIndicators found on the Incidents page can be enriched only from the Indicators page.
You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but so far, you have been unsuccessful.
Which two tasks should you perform to investigate why you are having this issue? (Choose two.)
AReview the ADOM data policy.
BCheck logs in Log Browse.
CDisable FortiView using the CLI and then enable it again.
DRebuild the SQL database and check FortiView.
What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)
AThe size of newly generated reports is optimized to conserve disk space.
BThe hcache data is updated automatically when new logs are received.
CThe report generation time is reduced.
DFortiAnalyzer local cache is used to store generated reports.
