View the exhibit.

What does the data point at 14:35 tell you?

A.

FortiAnalyzer is dropping logs.

B.

FortiAnalyzer is indexing logs faster than logs are being received.

C.

FortiAnalyzer has temporarily stopped receiving logs so older logs can be indexed.

D.

The sqlplugind daemon is ahead in indexing by one log.

Refer to the exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.

Which filter will achieve the desired result?

A.

operation-login & dstip==10.1.1.210 & user!-admin

B.

operation-login & srcip==10.1.1.100 & dstip==10.1.1.210 & user==admin

C.

operation-login & performed_on=="GUI(10.1.1.210)" & user!=admin

D.

operation-login & performed_on=="GUI(10.1.1.100)" & user!=admin

What are offline logs on FortiAnalyzer?

A.

Compressed logs, which are also known as archive logs, are considered to be offline logs.

B.

When you restart FortiAnalyzer, all stored logs are considered to be offline logs.

C.

Logs that are indexed and stored in the SQL database.

D.

Logs that are collected from offline devices after they boot up.

What purposes does the auto-cache setting on reports serve? (Choose two.)

A.

To reduce report generation time

B.

To automatically update the hcache when new logs arrive

C.

To reduce the log insert lag rate

D.

To provide diagnostics on report generation time

Which statement is true when you are upgrading the firmware on an HA cluster made up of two FortiAnalyzer devices?

A.

First, upgrade the secondary device, and then upgrade the primary device.

B.

Both FortiAnalyzer devices will be upgraded at the same time.

C.

You can enable uninterruptible-upgrade so that the normal FortiAnalyzer operations are not interrupted while the cluster firmware upgrades.

D.

You can perform the firmware upgrade using only a console connection.

Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?

A.

To properly correlate logs

B.

To use real-time forwarding

C.

To resolve host names

D.

To improve DNS response times

For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered devices should:

A.

Use DNS

B.

Use host name resolution

C.

Use real-time forwarding

D.

Use an NTP server

What remote authentication servers can you configure to validate your FortiAnalyzer administrator logons? (Choose three.)

A.

RADIUS

B.

Local

C.

LDAP

D.

PKI

E.

TACACS+

What is the purpose of using prefilters when configuring event handlers?

A.

They limit which logs are checked for matches by the other filters.

B.

They can filter the logs before they are processed by FortiAnalyzer.

C.

They download new filters to be used in event handlers.

D.

They are common filters applied simultaneously to all event handlers.

Refer to the exhibit.

What does the data point at 12:20 indicate?

A.

The performance of FortiAnalyzer is below the baseline.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The log insert lag time is increasing.

D.

The sqlplugind service is caught up with new logs.