
REVIEW QUESTIONS

1. Which FortiAnalyzer feature allows you to group devices that administrators can monitor and
manage?
A. Administrative Domains
B. Reports

Answer: A

2. Which operating mode in FortiAnalyzer is used to collect logs from multiple devices and then
forward those logs to another device?
A. Analyzer
B. Collector

Answer: B

3. You want to permit administrator logins on FortiAnalyzer from specific locations only. How can
you configure this on FortiAnalyzer?
A. Use administrative profiles
B. Use trusted hosts

Answer: B

4. What should you always do after erasing the configuration on flash?


A. Run the execute format flash disk command
B. Run the execute reset all-settings command

Answer: A

5. How do you restrict an administrator’s access to a subset of your organization’s ADOMs?


A. Assign the ADOM to the administrator’s account
B. Configure trusted hosts

Answer: A

6. What is a wildcard administrator?
A. A local administrator account that is used to permit group access
B. An external administrator account that is used to permit group access

Answer: B

7. To view FortiGate event logs on FortiAnalyzer, what configuration is required?


A. FortiGate must be registered to the root ADOM
B. FortiGate logging settings must have event logging enabled

Answer: B

8. If an administrative user’s job description requires them to manage devices but not system
settings, what is the most appropriate default Admin Profile to assign?
A. Super_User
B. Standard_User

Answer: A

9. Disk quota is assigned to the ____


A. ADOM
B. Device

Answer: A

10. Which statement is true about the ADOM advanced mode?


A. Must assign the FortiGate device and all its VDOMs to a single ADOM
B. Can assign FortiGate VDOMs from a single device to multiple FortiAnalyzer ADOMs

Answer: B

11. The RAID 10 level comprises what data format?


A. Dual Parity
B. Mirroring and Striping

Answer: B

12. If a hard disk on a FortiAnalyzer that supports RAID fails, what should you do?
A. Hot swap the disk
B. Shut down FortiAnalyzer and replace the disk

Answer: B

13. Under what situation must ADOMs be enabled on FortiAnalyzer?


A. A FortiGate device wants to register with FortiAnalyzer
B. A FortiMail device wants to register with FortiAnalyzer

Answer: B

14. Which CLI command can you use to find FortiAnalyzer ADOM status?
A. Get system status
B. Show system performance

Answer: A

15. What can the CLI command diagnose test application oftpd 3 help you to determine?
A. What ADOMs are enabled and configured
B. What devices and IP addresses are connecting to FortiAnalyzer

Answer: B

16. By default, what happens when the allotted log disk space is full?
A. The oldest logs are overwritten
B. Logging stops

Answer: A

17. What comprises the disk quota?


A. Raw logs, archive files, SQL database tables
B. Raw logs and archive files

Answer: A

18. When you move a FortiGate device from one ADOM to a new ADOM, what is the purpose of
rebuilding the new ADOM database?
A. To migrate the archive logs to the new ADOM
B. To run reports on the device’s analytics logs in the new ADOM

Answer: B

19. Logs in the compromised phase are known as ______ logs.


A. Archive
B. Analytics

Answer: A

20. What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the
device log settings?
A. The log file rolls over and is archived
B. The log file is stored as a raw log and is available for analytic support

Answer: A

21. Which log forwarding mode stores logs and content files and uploads to another FortiAnalyzer
server at a scheduled time?
A. Forwarding Mode
B. Aggregation Mode

Answer: B

22. FortiAnalyzer uses the Optimized Fabric Transfer Protocol (OFTP) over SSL for what purpose?
A. To encrypt log communication between devices
B. To prevent log modification

Answer: A

23. Which FortiAnalyzer feature allows you to obtain the archived logs of specified devices from
another FortiAnalyzer device?
A. Log forwarding in Aggregation mode
B. Log fetching

Answer: A

24. What does the CLI command diagnose fortilogd lograte provide?
A. The log receive rate per second
B. The message receive rate per second

Answer: A

25. Your ADOM data policy is set to keep logs in archive for 365 days, but the logs are being deleted
prematurely from that ADOM and CPU resources are also high. What is the most likely problem?
A. The ADOM disk quota is set too low, based on log rate
B. A global automatic deletion policy is set to delete logs every 6 months

Answer: A

26. What are event handlers?


A. Threats identified by FortiGuard
B. Specific matched conditions in the raw logs

Answer: B

27. In FortiAnalyzer, what is a dataset?
A. The database schema
B. A specific SQL SELECT query that reviews data from the database

Answer: B

28. Templates do not contain ______


A. Data
B. Charts

Answer: A

29. Which one of the following statements about macros is true?


A. Macros are abbreviated dataset queries
B. Macros cannot be customized

Answer: A

30. What report elements can be affected by a firmware upgrade?


A. Report settings
B. Custom datasets

Answer: B

31. Which FortiAnalyzer feature allows you to automatically build a dataset and chart based on
filtered search results?
A. Export to Report Chart (FortiView)
B. Dataset library

Answer: A

32. What is the purpose of the auto-cache setting on reports?
A. To automatically update the hcache when new logs arrive
B. To reduce the log insert lag rate

Answer: A

33. If the same or similar reports will be run against many different FortiGates, what report feature
can you use to improve report generation time?
A. Report grouping
B. Hcache

Answer: A

34. What data does the CLI command diagnose sql show hcache-size provide?
A. Hcache size on the file system
B. State of the hcache

Answer: A
