FCP_FAZ_AN-7.6 Exam Questions
79 real FCP_FAZ_AN-7.6 exam questions with expert-verified answers and explanations. Page 2 of 2.
- Question #51
What should you always do after erasing the FortiAnalyzer configuration on flash?
- Question #52
What are the two methods you can use to send notifications when an event is generated by an event handler? (Choose two.)
- Question #53
Refer to the exhibit. What can you conclude from this output?
- Question #54
Refer to the exhibits. Assume these are all the events that exist on the FortiAnalyzer device. How many events will be added to the incident created after running this playbook?
- Question #55
Which operation can you use SQL SELECT queries for?
- Question #56
Refer to the exhibit. What is the analyst trying to create?
- Question #57
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
- Question #58
Refer to the exhibit with partial output. Your colleague exported a playbook and has sent it to you for review. You open the file in a text editor and observe the output as shown i...
- Question #59
In your role as an analyst, you frequently search the log view using the same parameters. Instead of defining the same search filters repeatedly, what can you do to save time?
- Question #60
When you move a FortiGate device from one ADOM to a new ADOM, what is the purpose of rebuilding the new ADOM database?
- Question #61
What is the main purpose of deploying RAID with FortiAnalyzer?
- Question #62
When generating reports on FortiAnalyzer, macros can be used to include additional data. Which two statements about macros are true? (Choose two.)
- Question #63
Why must you wait for several minutes before you run a playbook that you just created?
- Question #64
Refer to the exhibit. What can you conclude about the output?
- Question #65
Refer to the exhibit. A FortiAnalyzer analyst is customizing a SQL query to use in a report. Which SQL query should the analyst run to get the expected results?
- Question #66
You want to design a playbook that runs a series of tasks in parallel. How can you accomplish this goal?
- Question #67
Refer to the exhibit. Which statement about the event displayed is correct?
- Question #69
Refer to the exhibit. Which two observations can you make after reviewing this log entry? (Choose two.)
- Question #70
Refer to the exhibit. The playbook shown in the exhibit requires fine-tuning. A task needs to be configured to run a report on the updated asset list that the FortiAnalyzer receive...
- Question #71
Which two parameters does FortiAnalyzer use to identify an indicator of compromise (IOC)? (Choose two.)
- Question #72
When managing incidents on FortiAnalyzer, which fact must an analyst be aware of?
- Question #73
Which three types of indicators can FortiAnalyzer identify? (Choose three.)
- Question #74
Which three types of traffic does the safeguarding event handler scan? (Choose three.)
- Question #75
Refer to the exhibit. What does the orange status indicator on the FortiGuard Connector indicate?
- Question #76
When there are no matching parsers for a device log, what does FortiAnalyzer do?
- Question #77
How does FortiAnalyzer block indicators?
- Question #78
What is the purpose of running the command diagnose sql status sqlreportd?
- Question #79
Refer to the exhibit. What is the analyst trying to create?
- Question #80
In a FortiAnalyzer Fabric deployment, which three modules from Fabric members are available for analysis on the supervisor? (Choose three.)