Free Fortinet FCP_FAZ_AD-7.4 Practice Exam with Questions & Answers | Set: 4

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 121: The logfiled process enforces the log file size and is also responsible for disk quota enforcement by monitoring the other processes.

In the case of a primary device failure, FortiAnalyzer HA uses the following rules to select a new primary:

• All cluster devices are assigned a priority from 80 to 120. The default priority is 100. If the primary device

becomes unavailable, the device with the highest priority is selected as the new primary device. For

example, a device with a priority of 110 is selected over a device with a priority of 100.

• If multiple devices have the same priority, the device whose primary IP address has the greatest value is

selected as the new primary device. For example, 123.45.67.124 is selected over 123.45.67.123.

• If a new device with a higher priority or a greater value IP address joins the cluster, the new device does

not replace (or pre-empt) the current primary device automatically.

FortiAnalyzer_7.0_Study_Guide-Online page 62

MEA - Administration Guide, FortiSIEM 6.7.5

To run the FortiSIEM Collector management extension application, the following requirements must be met:

FortiAnalyzer 7.0.1 or above

FortiSIEM Supervisor, Worker, Collectors 6.3.0 or above.

FortiSIEM Linux Agent 6.3.0 or above.

FortiSIEM Windows Agent 4.1.2 or above.

In order to configure IOC, you require the following:

• A one-year subscription to IOC. Note that FortiAnalyzer does include an evaluation license, but it is restrictive and only meant to give you an idea of how the feature works.

• A web filter services subscription on FortiGate device(s)

• Web filter policies on FortiGate device(s) that send traffic to FortiAnalyzer

Compromised Hosts or Indicators of Compromise service (IOC) is a licensed feature.

To view Compromised Hosts, you must turn on the UTM web filter of FortiGate devices and subscribe your FortiAnalyzer unit to FortiGuard to keep its local threat database synchronized with the FortiGuard threat database. See Subscribing FortiAnalyzer to FortiGuard.

Ref : https://docs.fortinet.com/document/fortianalyzer /6.4.0/administration-guide/137635/viewing-compromised-hosts

When in analyzer mode, FortiAnalyzer supports event management and reporting features.

In analyzer mode, FortiAnalyzer provides full support for log analysis, event management, and reporting capabilities.

Analyzer mode is the default operating mode.

By default, FortiAnalyzer operates in analyzer mode, which allows for log analysis and reporting.

The other options are incorrect because:

In collector mode, the FortiAnalyzer primarily stores logs and forwards them to another FortiAnalyzer in analyzer mode, not the other way around.

In collector mode, most disk space is usually allocated to storage rather than analytics, as the logs are primarily stored for forwarding.

On there the task was to create a filter for failed logins from any other location but the local computer: "Add the text performed_on!~10.0.1.10. This includes any attempts coming from devices with an IP address that is not the one configured on the Local-Client computer."