Fortinet fcp faz ad 7 4 practice test

FCP - FortiAnalyzer 7.4 Administrator

Last exam update: Nov 16, 2025
Page 1 out of 13. Viewing questions 1-15 out of 183

Question 1

Which two statements regarding ADOM modes are true? (Choose two.)

  • A. In normal mode, the disk quota of the ADOM is fixed and cannot be modified, but in advanced mode, the disk quota of the ADOM is flexible.
  • B. You can change ADOM modes only through the CLI.
  • C. In an advanced mode ADOM, you can assign FortiGate VDOMs from a single FortiGate device to multiple FortiAnalyzer ADOMs.
  • D. Normal mode is the default ADOM mode.
Answer:

C,D



Question 2

What is the purpose of the FortiAnalyzer command diagnose system print netstat?

  • A. It provides network statistics for active connections, including the protocols, IP addresses, and connection states.
  • B. It provides the complete routing table, including directly connected routes.
  • C. It provides the static DNS table, including the host names and their expiration timers.
  • D. It provides NTP server information, including server IPs, stratum, poll time, and latency.
Answer:

A


Explanation:
The diagnose system print netstat command in FortiAnalyzer provides detailed information on active
network connections, similar to the netstat command found in many operating systems.


Question 3

Refer to the exhibit.

The exhibit shows the creation of a new administrator on FortiAnalyzer.
What are two effects of enabling the choice Match all users on remote server when configuring a
new administrator? (Choose two.)

  • A. It allows user accounts in the LDAP server to use two-factor authentication.
  • B. It creates a wildcard administrator using an LDAP server.
  • C. User Remote-Admin from the LDAP server will be able to log in to FortiAnalyzer at any time.
  • D. Administrators can log in to FortiAnalyzer using their credentials on the remote LDAP server.
Answer:

B,D


Explanation:
Enabling this option allows any user authenticated by the LDAP server to log in to FortiAnalyzer,
effectively creating a wildcard administrator.


Question 4

The connection status of a new device on FortiAnalyzer is listed as Unauthorized.
What does that status mean?

  • A. It is a device whose registration has not yet been accepted in FortiAnalyzer.
  • B. It is a device that has not yet been assigned an ADOM.
  • C. It is a device that is waiting for you to configure a pre-shared key.
  • D. It is a device that FortiAnalyzer does not support.
Answer:

A


Explanation:
The "Unauthorized" status indicates that the device has been discovered or attempted to connect
but has not yet been authorized for management by FortiAnalyzer. It requires an administrator to
approve or authorize the device before it can be fully managed.


Question 5

Refer to the exhibit.

Which image corresponds to the packet capture shown in the exhibit?
A)

B)

C)

D)

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
Answer:

A


Explanation:
The chosen image shows the device Remote-FortiGate with the IP 10.200.3.1 and a connection status of
"Connection Up," which is consistent with the packet capture details showing active communication
between the client and server.


Question 6

Refer to the exhibit.

What is the purpose of configuring FortiAnalyzer with the settings displayed in the image?

  • A. To increase reliability
  • B. To expand bandwidth
  • C. To maximize resiliency
  • D. To improve security
Answer:

D


Explanation:
The settings displayed in the image show the creation of a VLAN interface on FortiAnalyzer. The VLAN
ID is set to 100, and it is associated with port 5.
The purpose of configuring a VLAN interface like this is generally to improve security.
By creating a VLAN, traffic can be segmented into isolated networks, which helps limit access and
enhances security by reducing the broadcast domain and keeping different types of traffic (e.g.,
management, user, and data traffic) separate.


Question 7

What are offline logs on FortiAnalyzer?

  • A. Compressed logs, also known as archive logs
  • B. Logs that are indexed and stored in the SQL database
  • C. Any logs collected from offline devices after they boot up
  • D. Real-time logs that are not yet indexed
Answer:

A


Explanation:
"Archive logs: When a real-time log file in Archive has been completely inserted, that file is
compressed and considered to be offline."
https://docs.fortinet.com/document/fortianalyzer/7.4.3/administration-guide/381919/logs


Question 8

Refer to the exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

  • A. FortiAnalyzer1 and FortiAnalyzer3
  • B. All devices listed can be members.
  • C. FortiAnalyzer1 and FortiAnalyzer2
  • D. FortiAnalyzer2 and FortiAnalyzer3
Answer:

C


Explanation:
Based on the partial configuration output, the primary factor for determining which devices can be
members of a FortiAnalyzer Fabric is the log-mode setting. Devices with the same log mode can be
part of the same FortiAnalyzer Fabric.
FortiAnalyzer1: Log mode is set to collector.
FortiAnalyzer2: Log mode is set to collector.
FortiAnalyzer3: Log mode is set to analyzer.
Since FortiAnalyzer1 and FortiAnalyzer2 both have their log modes set to collector, they can be
members of a FortiAnalyzer Fabric.
Therefore, the correct answer is FortiAnalyzer1 and FortiAnalyzer2.


Question 9

You finished registering a FortiGate device. After traffic starts to flow through FortiGate, you notice
that only some of the logs expected are being received on FortiAnalyzer.
What could be the reason for the logs not arriving on FortiAnalyzer?

  • A. FortiGate was added to the wrong ADOM type.
  • B. This FortiGate model is not fully supported.
  • C. FortiGate does not have logging configured correctly.
  • D. This FortiGate is part of an HA cluster but it is the secondary device.
Answer:

C


Explanation:
This issue can occur if FortiGate is not properly configured to send logs to FortiAnalyzer, such as
incorrect logging settings or filters being applied that prevent certain logs from being sent. It's
important to verify that logging is enabled on FortiGate and that the correct log settings (such as log
severity or log type) are configured for transmission to FortiAnalyzer.


Question 10

An administrator, fortinet, can view logs and perform device management tasks, such as adding and
removing registered devices. However, administrator fortinet is not able to create a mail server that
can be used to send alert emails.
What can be the problem?

  • A. ADOM mode is configured with Advanced mode.
  • B. A trusted host is configured.
  • C. fortinet is assigned the default Standard_User administrative profile.
  • D. fortinet is assigned the default Restricted_User administrative profile.
Answer:

C


Explanation:
The Standard_User profile allows viewing logs and performing some device management tasks but
typically does not allow configuring global settings like creating a mail server for alert emails. To
create a mail server, the administrator would need to have a profile with higher privileges, such as
Super_User or a custom profile with the necessary permissions.


Question 11

Which two parameters are used to calculate the Total Quota value available on FortiAnalyzer?
(Choose two.)

  • A. Used storage
  • B. Retention policy
  • C. Reserved space
  • D. Total system storage
Answer:

C,D


Explanation:
The Total Quota is derived from the total system storage minus any reserved space allocated for
system use, such as databases, system files, or reserved space for log retention policies. Used storage
and retention policies do not directly impact the calculation of the quota available, though they can
influence overall space utilization.


Question 12

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to
authenticate on FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

  • A. A local wildcard administrator account
  • B. An administrator group
  • C. One or more remote LDAP servers
  • D. LDAP servers IP addresses added as trusted hosts
Answer:

B,C


Explanation:
C. One or more remote LDAP servers: FortiAnalyzer needs to be configured to communicate with
your external LDAP server where the user accounts and groups reside. This involves setting up the
LDAP server address, port, and authentication details.
B. An administrator group: You need to create an administrator group on FortiAnalyzer and link it to
the specific LDAP group that contains the users you want to grant administrative access. This allows
any user within that LDAP group to authenticate and have the permissions assigned to the
administrator group on FortiAnalyzer.
This configuration allows FortiAnalyzer to authenticate users against the external LDAP server and
authorize them based on their membership in the designated LDAP group. This way, you don't need
to create individual local accounts for each administrator, simplifying user management and
centralizing authentication.


Question 13

An administrator has moved a FortiGate device from the root ADOM to ADOM1.
Which two statements are true regarding logs? (Choose two.)

  • A. Analytics logs will be moved to ADOM1 from the root ADOM automatically.
  • B. Archived logs will be moved to ADOM1 from the root ADOM automatically.
  • C. Logs will be present in both ADOMs immediately after the move.
  • D. Analytics logs will be moved to ADOM1 from the root ADOM after you rebuild the database.
Answer:

A,D


Explanation:
When a device is moved from one ADOM to another, analytics logs can be moved automatically, but
you may need to rebuild the database for the logs to be fully transferred and usable in the new
ADOM. Archived logs, however, do not move automatically between ADOMs.


Question 14

Which statement about the communication between FortiGate high availability (HA) clusters and
FortiAnalyzer is true?

  • A. If devices were registered to FortiAnalyzer before forming a cluster, you can manually add them together.
  • B. FortiAnalyzer distinguishes each cluster member by the IP addresses in log message headers.
  • C. If the HA primary device becomes unavailable, you must remove it from the HA cluster list on FortiAnalyzer.
  • D. The FortiGate HA cluster must be in active-passive mode in order to avoid conflict.
Answer:

A


Explanation:
This allows FortiAnalyzer to correctly identify and process logs from different members of the HA
cluster.


Question 15

An administrator has configured the following settings:

What is the purpose of executing these commands?

  • A. To record the hash value and authentication code of log files.
  • B. To encrypt log transfer between FortiAnalyzer and other devices.
  • C. To create the secure channel used by the OFTP process.
  • D. To verify the integrity of the log files received.
Answer:

A


Explanation:
The command set log-checksum md5-auth configures FortiAnalyzer to generate an MD5 hash for
each log file, along with an authentication code. This ensures that the integrity of the logs can be
verified, confirming that the logs have not been tampered with.
