Fortinet FCP_FAZ_AN-7.4 Exam Practice Test Instant Access

Question 1

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?

AFortiAnalyzer flags the associated host for further analysis.

BA new infected entry is added for the corresponding endpoint under Compromised Hosts.

CThe detection engine classifies those logs as Suspicious.

DThe endpoint is marked as Compromised and, optionally, can be put in quarantine.

Answer : B

Question 2

You are trying to configure a task in the playbook editor to run a report.

However, when you try to select the desired playbook, you do to see it listed.

What is the reason?

AThe report does not have auto-cache and extended log filtering enabled.

BThe playbook is currently running and will be available after it is finished.

CYou must create a trigger to run the report first.

DThe report has no result and must be reconfigured.

Answer : A

Question 3

Which statement about the FortiSIEM management extension is correct?

AIt allows you to manage the entire life cycle of a threat or breach.

BIt can be installed as a dedicated VM.

CIts use of the available disk space is capped at 50%.

DIt requires a licensed FortiSIEM supervisor.

Answer : B

Question 4

Exhibit.

What does the data point at 12:20 indicate?

AThe log insert log time is increasing.

BFortiAnalyzer is using its cache to avoid dropping logs.

CThe performance of FortiAnalyzer is below the baseline.

DThe sqiplugind service is caught up with the logs

Answer : A

Question 5

Which log will generate an event with the status Contained?

AAn AV log with action=quarantine.

BAn IPS log with action=pass.

CA WebFilter log will action=dropped.

DAn AppControl log with action=blocked.

Answer : A

Question 6

Which statement about exporting items in Report Definitions is true?

ATemplates can be exported.

BTemplate exports contain associated charts and datasets.

CChart exports contain associated datasets.

DDatasets can be exported.

Answer : B

Question 7

You need to move reports between two ADOMs.

Which two statements are true? (Choose two.)

AThe ADOMs must be compatible types.

BThe data and time will be appointed to the original report name to avoid conflicts.

CAll charts and datasets associated with the report will be imported together.

DYou need to convert the reports into templates first.

Answer : A, C

Fortinet FCP_FAZ_AN-7.4 FCP - FortiAnalyzer 7.4 Analyst Exam Practice Test