Free FCP – FortiAnalyzer 7.4 Analyst Exam FCP_FAZ_AN-7.4 Exam Practice Test

You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been uncuccessful.Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

• Open .gz log files in FortiView.
• Rebuild the SQL database and check FortiView.
• Review the ADOM data policy
• Check logs in the Log Browse

What is the purpose of playbook trigger variables?

• To display statistics about the playbook runtime
• To use information from the trigger to filter the action in a task
• To provide the trigger information to make the playbook start running
• To store the start the times of playbooks with On_Schedule triggers

You created a playbook on FortiAnalyzer that uses a FortiOS connector.When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stich are available in the FortiOS connector?

• FortiAnalyzer Event Handler
• Fabric Connector event
• FortiOS Event Log
• Incoming webhook

You are tasked with finding logs corresponding to a suspected attack on your network.You need to use an interface where all identified threats within timeframe are listed and organized. You also need to be able to quickly export the information to a PDF file.Where can you go to accomplish this task?

• Log Browse
• Log View
• Fabric View
• FortiView

An administrator on your team has configured multiple reports to run periodically. Management has an additional request that all new generated reports be sent to a company email inbox for accessibility. The mail server has already been configured on FortiAnalyzer.Which item must configure on FortiAnalyzer so that emails are sent when the reports are generated?

• Enable the option to email all repots under the mail server.
• Add a mailto: option within the report layouts.
• Enable email notification under the report calendar.
• Enable an output profile on the reports.

As part of your analysis, you discover that a Medium severity level incident is fully remediated. You change the incident status to Closed:Remediated.Which statement about your update is true?

• The incident can no longer be deleted.
• The corresponding event will be marked as Mitigated.
• The incident dashboard will be updated.
• The incident severity will be lowered.

Which statement about the FortiSOAR management extension is correct?

• It requires a FortiManager configured to manage FortiGate.
• It runs as a docker container on FortiAnalyzer.
• It requires a dedicated FortiSOAR device or VM.
• It does not include a limited trial by default.

After a generated a repot, you notice the information you were expecting to see in not included in it. However, you confirm that the logs are there:Which two actions should you perform? (Choose two.)Check the time frame covered by the report.Disable auto-cache.Increase the report utilization quota.Test the dataset.

• Check the time frame covered by the report and D. Test the dataset.
• These actions directly address the issues that could cause missing information in a report when logs are available but not displayed.

You need to move reports between two ADOMs. Which two statements are true? (Choose two.)

• The ADOMs must be compatible types.
• The data and time will be appointed to the original report name to avoid conflicts.
• All charts and datasets associated with the report will be imported together.
• You need to convert the reports into templates first.

Which two actions should an administrator take to vide Compromised Hosts on FortiAnalyzer? (Choose two.)

• Enable device detection on the FotiGate device that are sending logs to FortiAnalyzer.
• Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to fortiAnalyzer.
• Make sure all endpoints are reachable by FortiAnalyzer.
• Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.