NSE4 Question #293: Real Exam Question with Answer & Explanation

The correct answer is A: The search items you are looking for are not contained in indexed log fields. FortiAnalyzer's Full Search option is used when the desired search criteria or specific details are not contained within the indexed log fields used by Quick Search.

Submitted by devops_kid · Apr 18, 2026 · Logging and Monitoring

Question

When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option. What is a valid reason for using the Full Search option, instead?

Options

  • A. The search items you are looking for are not contained in indexed log fields.
  • B. A quick search only searches data received within the last 24 hours.
  • C. You want the search to include the FortiAnalyzer's local logs.
  • D. You want the search to include content archive data as well.

Explanation

FortiAnalyzer's Full Search option is used when the desired search criteria or specific details are not contained within the indexed log fields used by Quick Search.

Common mistakes.

  • B. Quick Search is not limited to data received within the last 24 hours; it can search across the entire log dataset, albeit only on indexed fields.
  • C. Both Quick Search and Full Search are designed to search across the FortiAnalyzer's stored logs, including logs received from FortiGates and potentially its own system logs; the two options do not differ in whether local logs are included.
  • D. Content archive data (e.g., email or web content archives) is typically searched using specialized archive features, not through the general log Quick or Full Search functionality.

Concept tested. FortiAnalyzer log search types

Reference. https://docs.fortinet.com/document/fortianalyzer/7.4.0/administration-guide/524310/log-view

Topics

#FortiAnalyzer · #Log Search · #Indexed Logs · #Full Search
