FCP_FAZ_AN-7.6 Exam Questions
79 real FCP_FAZ_AN-7.6 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
You created a playbook on FortiAnalyzer that uses a FortiOS connector. When you configure FortiGate, which type of trigger must you use so that the actions in an automation stitch...
- Question #2
When managing incidents on FortiAnalyzer, what must an analyst be aware of?
- Question #3
An administrator on your team has configured multiple reports to run periodically. Management has an additional request that all new generated reports be sent to a company email in...
- Question #4
Which statement regarding macros on FortiAnalyzer is true?
- Question #5
After generating a report, you notice the information you were expecting to see is not included in it. However, you confirm that the logs are there. Which two actions should you pe...
- Question #6
Refer to the exhibit. What can you conclude about these search results? (Choose two.)
- Question #7
Which two statements regarding FortiAnalyzer operating modes are true? (Choose two.)
- Question #8
As part of your analysis, you discover that an incident is a false positive. You change the incident status to Closed: False Positive. Which statement about your update is true?
- Question #9
Refer to the exhibit. Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web inte...
- Question #10
Which two statements about local logs on FortiAnalyzer are true? (Choose two.)
- Question #11
Refer to the exhibit. What does the data point at 21:20 indicate?
- Question #12
A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails. What will be the status of the playb...
- Question #13
Refer to the exhibit. Client-1 is trying to access the internet for web browsing. All FortiGate devices in the topology are part of a Security Fabric with logging to FortiAnalyzer...
- Question #14
What are two effects of enabling auto-cache in a FortiAnalyzer report? (Choose two.)
- Question #15
What is the purpose of running the command diagnose sql status sqlplugind?
- Question #16
Refer to the exhibit. What can you conclude about the output?
- Question #17
As part of your analysis, you discover that a Medium severity level incident is fully remediated. You change the incident status to Closed: Remediated. Which statement about your u...
- Question #18
What is the purpose of playbook trigger variables?
- Question #19
Which statement correctly describes one difference between templates and reports?
- Question #20
Which statement about sending notifications with incident updates is true?
- Question #21
Refer to the exhibit. What is the purpose of using the Chart Builder feature on FortiAnalyzer?
- Question #22
Which two statements regarding the outbreak detection service are true? (Choose two.)
- Question #23
You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been unsuccessful. Which two tasks should you perform to investi...
- Question #24
Which two statements about playbook execution are true? (Choose two.)
- Question #25
You discover that a few reports are taking a long time to generate. Which two steps can you take to troubleshoot? (Choose two.)
- Question #26
Which two statements about exporting and importing playbooks are true? (Choose two.)
- Question #27
You are tasked with finding logs corresponding to a suspected attack on your network. You need to use an interface where all identified threats within timeframe are listed and orga...
- Question #28
Which statement about automation connectors in FortiAnalyzer is true?
- Question #29
What is the purpose of using data selectors when configuring event handlers?
- Question #30
You need to move reports between two ADOMs. Which two statements are true? (Choose two.)
- Question #31
Which statement about exporting items in Report Definitions is true?
- Question #32
Which log will generate an event with the status Contained?
- Question #33
Refer to the exhibit. What does the data point at 12:20 indicate?
- Question #34
Which statement about the FortiSIEM management extension is correct?
- Question #35
You are trying to configure a task in the playbook editor to run a report. However, when you try to select the desired report you do not see it listed. What is the reason?
- Question #36
What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?
- Question #37
It is a best practice to upload FortiAnalyzer local logs to a remote server. Which three remote servers are supported for the upload? (Choose three.)
- Question #38
Which two FortiAnalyzer features allow you to automatically build a dataset and chart based on a filtered search result? (Choose two.)
- Question #39
What is included in the disk quota for each ADOM on the FortiAnalyzer?
- Question #40
Which log will generate an event with the status Unhandled?
- Question #41
Refer to the exhibit. Which statement about the displayed event is correct?
- Question #42
Which statement describes archive logs on FortiAnalyzer?
- Question #43
Which statement about sending notifications with incident update is true?
- Question #44
Which statement about the FortiSOAR management extension is correct?
- Question #45
Refer to the exhibit. Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?
- Question #46
Which two actions should you take to view compromised hosts on FortiAnalyzer? (Choose two.)
- Question #47
Which SQL query is in the correct order to query the database in the FortiAnalyzer?
- Question #48
What are event handlers?
- Question #49
Which two external servers can you configure to validate administrator logins? (Choose two.)
- Question #50
Which database language does FortiAnalyzer support for the purposes of logging and reporting?