NEW QUESTION 1
By default, what happens when a log file reaches its maximum file size?

• A. FortiAnalyzer overwrites the log files.
• B. FortiAnalyzer stops logging.
• C. FortiAnalyzer rolls the active log by renaming the file.
• D. FortiAnalyzer forwards logs to syslog.

Answer: C

NEW QUESTION 2
What statements are true regarding disk log quota? (Choose two)

• A. The FortiAnalyzer stops logging once the disk log quota is met.
• B. The FortiAnalyzer automatically sets the disk log quota based on the device.
• C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.
• D. The FortiAnalyzer disk log quota is configurable, but has a minimum o 100mb a maximum based on the reserved system space.

Answer: CD

NEW QUESTION 3
View the exhibit:

What does the 1000MB maximum for disk utilization refer to?

• A. The disk quota for the FortiAnalyzer model
• B. The disk quota for all devices in the ADOM
• C. The disk quota for each device in the ADOM
• D. The disk quota for the ADOM type

Answer: B

NEW QUESTION 4
What can the CLI command # diagnose test application oftpd 3 help you to determine?

• A. What devices and IP addresses are connecting to FortiAnalyzer
• B. What logs, if any, are reaching FortiAnalyzer
• C. What ADOMs are enabled and configured
• D. What devices are registered and unregistered

Answer: A

NEW QUESTION 5
Which statements are correct regarding FortiAnalyzer reports? (Choose two)

• A. FortiAnalyzer provides the ability to create custom reports.
• B. FortiAnalyzer glows you to schedule reports to run.
• C. FortiAnalyzer includes pre-defined reports only.
• D. FortiAnalyzer allows reporting for FortiGate devices only.

Answer: AB

NEW QUESTION 6
What are two of the key features of FortiAnalyzer? (Choose two.)

• A. Centralized log repository
• B. Cloud-based management
• C. Reports
• D. Virtual domains (VDOMs)

Answer: AC

NEW QUESTION 7
In FortiAnalyzer’s FormView, source and destination IP addresses from FortiGate devices are not resolving to a hostname. How can you resolve the source and destination IPs, without introducing any additional performance impact to FortiAnalyzer?

• A. Configure local DNS servers on FortiAnalyzer
• B. Resolve IPs on FortiGate
• C. Configure # set resolve-ip enable in the system FortiView settings
• D. Resolve IPs on a per-ADOM basis to reduce delay on FortiView while IPs resolve

Answer: B

NEW QUESTION 8
What purposes does the auto-cache setting on reports serve? (Choose two.)

• A. To reduce report generation time
• B. To automatically update the hcache when new logs arrive
• C. To reduce the log insert lag rate
• D. To provide diagnostics on report generation time

Answer: AB

NEW QUESTION 9
On FortiAnalyzer, what is a wildcard administrator account?

• A. An account that permits access to members of an LDAP group
• B. An account that allows guest access with read-only privileges
• C. An account that requires two-factor authentication
• D. An account that validates against any user account on a FortiAuthenticator

Answer: D

NEW QUESTION 10
Which tabs do not appear when FortiAnalyzer is operating in Collector mode?

• A. FortiView
• B. Event Management
• C. Device Manger
• D. Reporting

Answer: B

NEW QUESTION 11
What is the recommended method of expanding disk space on a FortiAnalyzer VM?

• A. From the VM host manager, add an additional virtual disk and use the #execute lvm extend <disk number> command to expand the storage
• B. From the VM host manager, expand the size of the existing virtual disk
• C. From the VM host manager, expand the size of the existing virtual disk and use the # execute format disk command to reformat the disk
• D. From the VM host manager, add an additional virtual disk and rebuild your RAID array

Answer: A

NEW QUESTION 12
How does FortiAnalyzer retrieve specific log data from the database?

• A. SQL FROM statement
• B. SQL GET statement
• C. SQL SELECT statement
• D. SQL EXTRACT statement

Answer: C

NEW QUESTION 13
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another FortiAnalyzer device?

• A. Log upload
• B. Indicators of Compromise
• C. Log forwarding an aggregation mode
• D. Log fetching

Answer: D

NEW QUESTION 14
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?

• A. The log file is stored as a raw log and is available for analytic support.
• B. The log file rolls over and is archived.
• C. The log file is purged from the database.
• D. The log file is overwritten.

Answer: B

NEW QUESTION 15
Logs are being deleted from one of your ADOMs earlier that the configured setting for archiving in your data policy. What is the most likely problem?

• A. The total disk space is insufficient and you need to add other disk.
• B. CPU resources are too high.
• C. The ADOM disk quota is set too low based on log rates.
• D. Logs in that ADOM are being forwarded in real-time to another FortiAnalyzer device.

Answer: C

NEW QUESTION 16
For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

• A. Use DNS
• B. Use host name resolution
• C. Use real-time forwarding
• D. Use an NTP server

Answer: D

NEW QUESTION 17
FortiAnalyzer centralizes which functions? (Choose three)

• A. Network analysis
• B. Graphical reporting
• C. Content archiving / data mining
• D. Vulnerability assessment
• E. Security log analysis / forensics

Answer: BCE

NEW QUESTION 18
View the exhibit.

Why is the total quota less than the total system storage?

• A. 3.6% of the system storage is already being used.
• B. Some space is reserved for system use, such as storage of compression files, upload files, and temporary report files
• C. The oftpd process has not archived the logs yet
• D. The logfiled process is just estimating the total quota

Answer: B

NEW QUESTION 19
......