Page: 1
/ 2
Total 30 questions
Which two statements are correct regarding the export and import of playbooks? (Choose two.)
- A. You can import a playbook even if there is another one with the same name in the destination.
- B. Playbooks can be exported and imported only within the same FortiAnalyzer device.
- C. You can export only one playbook at a time.
- D. A playbook that was disabled when it was exported will be disabled when it is imported.
Answer : AD
A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails.
What will be the status of the playbook after it is run?
- A. Running
- B. Failed
- C. Upstream_failed
- D. Success
Answer : B
Which statement about the FortiSIEM management extension is correct?
- A. Allows you to manage the entire life cycle of a threat or breach.
- B. Its use of the available disk space is capped at 50%.
- C. It requires a licensed FortiSIEM supervisor.
- D. It can be installed as a dedicated VM.
Answer : C
Which two statements are true regarding the outbreak detection service? (Choose two.)
- A. New alerts are received by email.
- B. Outbreak alerts are available on the root ADOM only.
- C. An additional license is required.
- D. It automatically downloads new event handlers and reports.
Answer : CD
What must you consider when using log fetching? (Choose two.)
- A. The fetch client can retrieve logs from devices that are not added to its local Device Manager.
- B. You can use filters to include only logs from a single device.
- C. The fetching profile must include a user with the Super_User profile.
- D. The archive logs retrieved from the server become archive logs in the client.
Answer : AB
Which statement describes a dataset in FortiAnalyzer?
- A. They determine what data is retrieved from the database.
- B. They provide the layout used for reports.
- C. They are used to set the data included in templates.
- D. They define the chart types to be used in reports.
Answer : A
Refer to the exhibits.
How many events will be added to the incident created after running this playbook?
- A. Thirteen events will be added.
- B. Five events will be added.
- C. No events will be added.
- D. Ten events will be added.
Answer : D
Refer to the exhibit.
What does the data point at 12:20 indicate?
- A. The performance of FortiAnalyzer is below the baseline.
- B. FortiAnalyzer is using its cache to avoid dropping logs.
- C. The log insert lag time is increasing.
- D. The sqlplugind service is caught up with new logs.
Answer : C
You created a playbook on FortiAnalyzer that uses a FortiOS connector.
When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?
- A. FortiAnalyzer Event Handler
- B. Incoming webhook
- C. Fabric Connector event
- D. FortiOS Event Log
Answer : B
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
- A. Outbreak alert services
- B. FortiView Monitor
- C. Threat hunting
- D. Incidents dashboard
Answer : C
Which log will generate an event with the status Contained?
- A. An IPS log with action=pass.
- B. AWebFilter log with action=dropped.
- C. An AV log with action=quarantine.
- D. An AppControl log with action=blocked.
Answer : C
What is the purpose of trigger variables?
- A. To display statistics about the playbook runtime
- B. To use information from the trigger to filter the action in a task
- C. To provide the trigger information to make the playbook start running
- D. To store the start times of playbooks with On_Schedule triggers
Answer : B
Refer to the exhibit.
What is the purpose of using the Chart Builder feature on FortiAnalyzer?
- A. To add a new chart under FortiView to be used in new reports
- B. To build a dataset and chart automatically, based on the filtered search results
- C. To add charts directly to generate reports in the current ADOM
- D. To build a chart automatically based on the top 100 log entries
Answer : B
What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)
- A. The size of newly generated reports is optimized to conserve disk space.
- B. FortiAnalyzer local cache is used to store generated reports.
- C. When new logs are received, the hard-cache data is updated automatically.
- D. The generation time for reports is decreased.
Answer : CD
Which statement about sending notifications with incident updates is true?
- A. Notifications can be sent only when an incident is created or deleted.
- B. You must configure an output profile to send notifications by email.
- C. Each incident can send notifications to a single external platform.
- D. Each connector used can have different notification settings.
Answer : D
30 days access 