Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Fortinet FCP_FAZ_AN-7.6 Practice Exam with Questions & Answers

Questions 1

Which two statements regarding the outbreak detection service are true? (Choose two.)

Options:
A.

An additional license is required.

B.

It automatically downloads new event handlers and reports.

C.

Outbreak alerts are available on the root ADOM only.

D.

New alerts are received by email.

Fortinet FCP_FAZ_AN-7.6 Premium Access
Questions 2

In firmware version 7.6, how does on-premises FortiAnalyzer store logs? (Choose one answer)

Options:
A.

Uses ClickHouse database

B.

Uses MySQL database

C.

Uses Postgres SQL database

D.

Uses Elasticsearch database

Questions 3

Which SQL query is in the correct order to query the database in the FortiAnalyzer?

Options:
A.

SELECT devid FROM $log GROUP BY devid WHERE ‘user’,,’ users1’

B.

SELECT FROM $log WHERE devid ‘user’,, USER1’ GROUP BY devid

C.

SELCT devid WHERE ’user’-‘ USER1’ FROM $log GROUP By devid

D.

SELECT devid FROM $log WHERE ‘user’=’ GROUP BY devid

Questions 4

You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been unsuccessful.

Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

Options:
A.

Open .gz log files in FortiView.

B.

Rebuild the SQL database and check FortiView.

C.

Review the ADOM data policy

D.

Check logs in the Log Browse

Questions 5

Which two statements about exporting and importing playbooks are true? (Choose two.)

Options:
A.

A playbook that was disabled when it was exported will be disabled when it is imported.

B.

Playbooks can be imported to a different FortiAnalyzer device, but only if the connectors already exist

C.

You can import a playbook even if there is another one with the same name in the destination

D.

You can export only one playbook at a time.

Questions 6

(Refer to the exhibit.

FCP_FAZ_AN-7.6 Question 6

Which statement about the displayed event is correct? (Choose one answer)

Options:
A.

An incident was created from this event.

B.

The risk source is isolated.

C.

The security risk was escalated.

D.

The security event risk is considered open.

Questions 7

Which two modules can be imported and exported between ADOMs on FortiAnalyzer? (Choose two.)

Options:
A.

Templates

B.

Reports

C.

Charts

D.

Datasets

Questions 8

Which log will generate an event with the status Contained?

Options:
A.

An AV log with action=quarantine.

B.

An IPS log with action=pass.

C.

A WebFilter log with action=dropped.

D.

An AppControl log with action=blocked.

Questions 9

Which statement correctly describes one difference between templates and reports?

Options:
A.

Reports support macros but templates do not

B.

Templates can be cloned, but reports cannot be cloned.

C.

Templates do not include advanced report settings, but reports do.

D.

Reports can be moved between ADOMs but templates cannot.

Questions 10

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?

Options:
A.

FortiAnalyzer flags the associated host for further analysis.

B.

A new infected entry is added for the corresponding endpoint under Compromised Hosts.

C.

The detection engine classifies those logs as Suspicious.

D.

The endpoint is marked as Compromised and, optionally, can be put in quarantine.

Exam Code: FCP_FAZ_AN-7.6
Certification Provider: Fortinet
Exam Name: Fortinet NSE 5 - FortiAnalyzer 7.6 Analyst
Last Update: Jul 7, 2026
Questions: 79