● FCP - FortiAnalyzer 7.4 Analyst Exam Materials

The actual questions for FCP - FortiAnalyzer 7.4 Analyst (FCP_FAZ_AN-7.4) - Updated Weekly

Question #1

Which statement about the FortiSOAR management extension is correct? (Choose one answer)

  • A. It requires a FortiManager configured to manage FortiGate.
  • B. It requires a dedicated FortiSOAR device or VM.
  • C. It runs as a docker container on FortiAnalyzer.
  • D. It does not include a limited trial by default.

Question #2

Why must you wait for several minutes before you run a playbook that you just created? (Choose one answer)

  • A. FortiAnalyzer needs that time to parse the new playbook.
  • B. FortiAnalyzer needs that time to back up the current playbooks.
  • C. FortiAnalyzer needs that time to debug the new playbook.
  • D. FortiAnalyzer needs that time to ensure there are no other playbooks running.

Question #3

Which statement about sending notifications with incident updates is true? (Choose one answer)

  • A. Notifications can be sent only when an incident is updated or deleted.
  • B. Notifications can be sent only by email.
  • C. You can send notifications to multiple external platforms.
  • D. If you use multiple fabric connectors, all connectors must have the same notification settings.

Question #4

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security? (Choose one answer)

  • A. Outbreak alert services
  • B. Incidents dashboard
  • C. Threat hunting
  • D. FortiView Monitor

Question #5

Which log will generate an event with the status Unhandled? (Choose one answer)

  • A. A WebFilter log with action=dropped.
  • B. An IPS log with action=pass.
  • C. An AppControl log with action=blocked.
  • D. An AV log with action=quarantine.
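The distinction this question tests is how FortiAnalyzer assigns an event status from the action field of the underlying UTM log: a log whose action shows the threat was detected but the traffic was still allowed (for example IPS action=pass, AV action=passed, WebFilter action=passthrough) produces an Unhandled event, while a log whose action shows the threat was blocked, dropped, reset or quarantined produces a Mitigated event. The script below is an added example, not code from the page or from Fortinet: it parses FortiGate-style key=value log lines and applies that rule. The action lists, the sample log lines and the field values in them are constructed for the example and are assumptions, not output captured from a real device.

```python
import re

# Assumed mapping of FortiGate UTM "action" values to FortiAnalyzer event status.
# Threat contained -> Mitigated; threat detected but traffic allowed -> Unhandled.
MITIGATED_ACTIONS = {"blocked", "block", "dropped", "drop", "deny", "reset",
                     "quarantine", "quarantined"}
UNHANDLED_ACTIONS = {"pass", "passed", "passthrough", "detected", "monitored"}

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fortigate_log(line: str) -> dict:
    """Parse one FortiGate log line into a dict, stripping quotes from values."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, val = m.group(1), m.group(2)
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]
        fields[key] = val
    return fields


def event_status(fields: dict) -> str:
    """Return the event status FortiAnalyzer would assign for these log fields."""
    action = fields.get("action", "").lower()
    if action in MITIGATED_ACTIONS:
        return "Mitigated"
    if action in UNHANDLED_ACTIONS:
        return "Unhandled"
    # No action field or a value outside the known sets: do not guess.
    return "Unknown"


def classify(lines):
    """Classify a list of raw log lines into (subtype, action, status) tuples."""
    result = []
    for line in lines:
        f = parse_fortigate_log(line)
        result.append((f.get("subtype", "?"), f.get("action", "?"), event_status(f)))
    return result


# Constructed sample logs mirroring the four answer options; not real device output.
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:01 devname="FGT-A" type="utm" subtype="webfilter" '
    'level="warning" action="dropped" url="http://example.test/" msg="URL in denied category"',
    'date=2024-05-01 time=10:00:02 devname="FGT-A" type="utm" subtype="ips" '
    'level="alert" action="pass" attack="Example.Signature.Name" srcip=10.0.0.5',
    'date=2024-05-01 time=10:00:03 devname="FGT-A" type="utm" subtype="app-ctrl" '
    'level="warning" action="blocked" app="Example.App"',
    'date=2024-05-01 time=10:00:04 devname="FGT-A" type="utm" subtype="virus" '
    'level="warning" action="quarantine" virus="EICAR_TEST_FILE"',
]

if __name__ == "__main__":
    for subtype, action, status in classify(SAMPLE_LOGS):
        print(f"{subtype:<10} action={action:<12} -> {status}")
```

Only the IPS line with action=pass comes back as Unhandled; the dropped, blocked and quarantined logs are all Mitigated. Lines with no action field are reported as Unknown rather than silently treated as handled, which is the safer default when triaging logs from an unfamiliar feature.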

Question #6

What is the purpose of running the command diagnose sql status sqlreportd? (Choose one answer)

  • A. To identify the database log insertion status
  • B. To view a list of scheduled reports
  • C. To list the current SQL processes running
  • D. To display the SQL query connections and hcache status

Question #7

What can you conclude from this output? (Choose one answer)

  • A. The allocated disk quota to ADOM1 is 3 GB.
  • B. FGT-B is the Security Fabric root.
  • C. Archive logs are using more space than analytic logs.
  • D. There is no disk quota allocated to quarantining files.

Question #8

As part of your analysis, you discover that an incident is a false positive.

You change the incident status to Closed: False Positive.

Which statement about your update is true? (Choose one answer)

  • A. The incident will be deleted.
  • B. The corresponding event will be marked as Mitigated.
  • C. The incident number will be changed.
  • D. The audit history log will be updated.

Question #9

Which statement describes archive logs on FortiAnalyzer? (Choose one answer)

  • A. Logs compressed and saved in files with the .gz extension
  • B. Logs that are indexed and stored in the SQL database
  • C. Logs previously collected from devices that are offline
  • D. Logs a FortiAnalyzer administrator can access in FortiView

Question #10

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two answers)

  • A. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
  • B. Enable device detection on the FortiGate devices that are sending logs to FortiAnalyzer.
  • C. Make sure all endpoints are reachable by FortiAnalyzer.
  • D. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.