Which two external servers can you configure to validate administrator logins? (Choose two.)
Correct Answer: B,D
Question 42
Which statement about automation connectors in FortiAnalyzer is true?
Correct Answer: D
Question 43
Which two statements about local logs on FortiAnalyzer are true? (Choose two.)
Correct Answer: B,C
Playbook logs, which relate to automated incident response actions, can be viewed centrally in the root ADOM, allowing visibility across all ADOMs. Event logs on FortiAnalyzer typically provide system-wide information applicable to the entire FortiAnalyzer unit, while application logs are specific to each ADOM, reflecting the logs related to devices and activities managed within that ADOM. https://docs.fortinet.com/document/fortianalyzer/7.6.3/administration-guide/208717/enabling-and- disabling-the-adom-feature
Question 44
Refer to Exhibit: What does the data point at 21:20 indicate?
Correct Answer: A
The exhibit shows a graph that tracks two metrics over time: Receive Rate and Insert Rate. These two rates are crucial for understanding the log processing behavior in FortiAnalyzer. * Understanding Receive Rate and Insert Rate: * Receive Rate: This is the rate at which FortiAnalyzer is receiving logs from connected devices. * Insert Rate: This is the rate at which FortiAnalyzer is indexing (inserting) logs into its database for storage and analysis. * Data Point at 21:20: * At 21:20, the Insert Rate line is above the Receive Rate line, indicating that FortiAnalyzer is inserting logs into its database at a faster rate than it is receiving them. This situation suggests that FortiAnalyzer is able to keep up with the incoming logs and is possibly processing a backlog or temporarily received logs faster than new logs are coming in. * Option Analysis: * Option A - FortiAnalyzer is Indexing Logs Faster Than Logs are Being Received: This accurately describes the scenario at 21:20, where the Insert Rate exceeds the Receive Rate. This indicates that FortiAnalyzer is handling logs efficiently at that moment, with no backlog in processing. * Option B - The fortilogd Daemon is Ahead in Indexing by One Log: The data does not provide specific information about the fortilogd daemon's log count, only the rates. This option is incorrect. * Option C - SQL Database Requires a Rebuild: High receive lag would imply a backlog in receiving and indexing logs, typically visible if the Receive Rate were significantly above the Insert Rate, which is not the case here. * Option D - FortiAnalyzer is Temporarily Buffering Logs to Index Older Logs First: There is no indication of buffering in this scenario. Buffering would usually occur if the Receive Rate were higher than the Insert Rate, indicating that FortiAnalyzer is storing logs temporarily due to indexing lag. Conclusion: * Correct Answer: A. FortiAnalyzer is indexing logs faster than logs are being received. * The graph at 21:20 shows a higher Insert Rate than Receive Rate, indicating efficient log processing by FortiAnalyzer. References: FortiAnalyzer 7.4.1 documentation on log processing metrics, Receive Rate, and Insert Rate indicators.
Question 45
Which two actions should an administrator take to vide Compromised Hosts on FortiAnalyzer? (Choose two.)
Correct Answer: A,B
To view Compromised Hosts on FortiAnalyzer, certain configurations need to be in place on both FortiGate and FortiAnalyzer. Compromised Host data on FortiAnalyzer relies on log information from FortiGate to analyze threats and compromised activities effectively. Option A: Enable device detection on the FortiGate devices that are sending logs to FortiAnalyzer Enabling device detection on FortiGate allows it to recognize and log devices within the network, sending critical information about hosts that could be compromised. This is essential because FortiAnalyzer relies on these logs to determine which hosts may be at risk based on suspicious activities observed by FortiGate. This setting enables FortiGate to provide device-level insights, which FortiAnalyzer uses to populate the Compromised Hosts view. Option B: Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer Web filtering is crucial in identifying potentially compromised hosts since it logs any access to malicious sites or blocked categories. FortiAnalyzer uses these web filter logs to detect suspicious or malicious web activity, which can indicate compromised hosts. By ensuring that FortiGate sends these web filtering logs to FortiAnalyzer, the administrator enables FortiAnalyzer to analyze and identify hosts engaging in risky behavior.