Free FCP – FortiAnalyzer 7.4 Analyst Exam FCP_FAZ_AN-7.4 Exam Practice Test

You discover that a few reports are taking a long tine lo generate. Which two steps can you Like to troubleshoot? (Choose two.)

• Remove old reports from the hcache
• Enable auto-cache and run the reports again
• Increase the ADOM reports quota
• Review report diagnostics

What is the purpose of running the command diagnose sql status sqlreportd?

• To view a list of scheduled reports
• To list the current SQL processes running
• To display the SQL query connections and hcache status
• To identify the database log insertion status

Which two statements regarding FortiAnalyzer operating modes are true? (Choose two.)When running in collector mode, FortiAnalyzer can forward logs to a syslog server.FortiAnalyzer runs in collector mode by default unless it is configured for H

• You can create and edit reports when FortiAnalyzer is running in collector mode.
• A topology with FortiAnalyzeer devices running in both modes can improve their performance.

You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been uncuccessful.Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

• Open .gz log files in FortiView.
• Rebuild the SQL database and check FortiView.
• Review the ADOM data policy
• Check logs in the Log Browse

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

• FortiView Monitor
• Outbreak alert services
• Incidents dashboard
• Threat hunting

Which statement correctly describes one Difference between templates and reports?

• Reports provide mora configuration options than templates
• Templates can be cloned, but reports cannot be cloned.
• Reports support macros, but templates do not.
• Template are mapped to device groups. while reports are mapped to ADOMs

Which log will generate an event with the status Contained?

• An AV log with action=quarantine.
• An IPS log with action=pass.
• A WebFilter log will action=dropped.
• An AppControl log with action=blocked.

Which SQL query is in the correct order to query to database in the FortiAnalyzer?

• SELECT devid FROM $log GROUP BY devid WHERE ‘user’,,’ users1’
• SELECT FROM $log WHERE devid ‘user’,, USER1’ GROUP BY devid
• SELCT devid WHERE ’user’-‘ USER1’ FROM $log GROUP By devid
• SELECT devid FROM $log WHERE ‘user’=’ GROUP BY devid

Which two statements about exporting and importing playbacks are true? (Choose two.)

• A playbook that was disabled when it was exported mil be disabled when it is imported.
• Playbooks can so imported 10 a different FortiAnayzer device, but only if the connectors already exist
• You can import a playbook even if there is another one win the same name in the destination
• You can export only one playbook at a time.

Which statement about exporting items in Report Definitions is true?

• Templates can be exported.
• Template exports contain associated charts and datasets.
• Chart exports contain associated datasets.
• Datasets can be exported.