Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

FCP_FAZ_AN-7.6 Fortinet NSE 5 - FortiAnalyzer 7.6 Analyst Questions and Answers

Questions 4

Which two statements about local logs on FortiAnalyzer are true? (Choose two.)

Options:

A.

Local logs are not displayed in FortiView.

B.

Event logs are available in the root ADOM.

C.

Playbook logs for all ADOMs are in the root ADOM.

D.

Application control logs are ADOM-specific

Buy Now
Questions 5

Which two statements regarding FortiAnalyzer operating modes are true? (Choose two.)

Options:

A.

When running in collector mode, FortiAnalyzer can forward logs to a syslog server.

B.

FortiAnalyzer runs in collector mode by default unless it is configured for HA.

C.

You can create and edit reports when FortiAnalyzer is running in collector mode.

D.

A topology with FortiAnalyzer devices running in both modes can improve their performance.

Buy Now
Questions 6

(You created a playbook on FortiAnalyzer that uses a FortiOS connector. When you configure FortiGate, which type of trigger must you use so that the actions in an automation stitch are available in the FortiOS connector? (Choose one answer)

Options:

A.

FortiAnalyzer Event Handler

B.

Incoming webhook

C.

Fabric Connector event

D.

IP ban

Buy Now
Questions 7

(Which two parameters does FortiAnalyzer use to identify an indicator of compromise (IOC)? (Choose two answers)

Options:

A.

IP address

B.

URL

C.

Policy ID

D.

Application category

Buy Now
Questions 8

Which statement about SQL SELECT queries is true?

Options:

A.

They can be used to purge log entries from the database.

B.

They must be followed immediately by a WHERE clause.

C.

They can be used to display the database schema.

D.

They are not used in macros.

Buy Now
Questions 9

You are trying to configure a task in the playbook editor to run a report.

However, when you try to select the desired playbook, you do to see it listed.

What is the reason?

Options:

A.

The report does not have auto-cache and extended log filtering enabled.

B.

The playbook is currently running and will be available after it is finished.

C.

You must create a trigger to run the report first.

D.

The report has no result and must be reconfigured.

Buy Now
Questions 10

What is the purpose of using data selectors when configuring event handlers?

Options:

A.

They filter the types of logs that FortiAnalyzer can accept from registered devices.

B.

They download new filters can be used in event handlers.

C.

They apply their filter criteria to the entire event handler so that you don’t have to configure the same criteria in the individual rules.

D.

They are common filters that can be applied simultaneously to all event handlers.

Buy Now
Questions 11

Exhibit.

What does the data point at 12:20 indicate?

Options:

A.

The log insert log time is increasing.

B.

FortiAnalyzer is using its cache to avoid dropping logs.

C.

The performance of FortiAnalyzer is below the baseline.

D.

The sqiplugind service is caught up with the logs

Buy Now
Questions 12

Which statement about sending notifications with incident updates is true?

Options:

A.

Each connector used can have different notification settings

B.

Each incident can send notification to a single external platform.

C.

You must configure an output profile to send notifications by email.

D.

Notifications can be sent only when an incident is created oi deleted.

Buy Now
Questions 13

Exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

Options:

A.

FortiAnalyzer1 and FortiAnalyzer3

B.

FortiAnalyzer1 and FortiAnalyzer2

C.

FortiAnalyzer2 and FortiAnalyzer3

D.

All devices listed can be members.

Buy Now
Questions 14

(Refer to the exhibit.

Which two observations can you make after reviewing this log entry? (Choose two answers)

Options:

A.

This is a normalized log.

B.

This is a formatted view of the log.

C.

This is the original log that FortiAnalyzer received from FortiGate.

D.

This log is in a raw log format.

Buy Now
Questions 15

You need to move reports between two ADOMs.

Which two statements are true? (Choose two.)

Options:

A.

The ADOMs must be compatible types.

B.

The date and time will be appended to the original report name to avoid conflicts.

C.

All charts and datasets associated with the report will be imported together.

D.

You need to convert the reports into templates first.

Buy Now
Questions 16

After generating a report, you notice the information you were expecting to see is not included in it. However, you confirm that the logs are there:

Which two actions should you perform? (Choose two.)

Options:

A.

Check the time frame covered by the report.

B.

Disable auto-cache.

C.

Increase the report utilization quota.

D.

Test the dataset.

Buy Now
Questions 17

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?

Options:

A.

FortiAnalyzer flags the associated host for further analysis.

B.

A new infected entry is added for the corresponding endpoint under Compromised Hosts.

C.

The detection engine classifies those logs as Suspicious.

D.

The endpoint is marked as Compromised and, optionally, can be put in quarantine.

Buy Now
Questions 18

You discover that a few reports are taking a long time to generate. Which two steps can you take to troubleshoot? (Choose two.)

Options:

A.

Remove old reports from the hcache

B.

Enable auto-cache and run the reports again

C.

Increase the ADOM reports quota

D.

Review report diagnostics

Buy Now
Questions 19

You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been unsuccessful.

Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

Options:

A.

Open .gz log files in FortiView.

B.

Rebuild the SQL database and check FortiView.

C.

Review the ADOM data policy

D.

Check logs in the Log Browse

Buy Now
Questions 20

(How does FortiAnalyzer block indicators? (Choose one answer)

Options:

A.

It uses an automation script to update FortiGate with the block list.

B.

It uses a FortiManager connector to send the block list.

C.

It uses a FortiClient EMS connector to send the block list.

D.

It uses a webhook to allow FortiGate to send the block list.

Buy Now
Questions 21

As part of your analysis, you discover that an incident is a false positive.

You change the incident status to Closed: False Positive.

Which statement about your update is true?

Options:

A.

The audit history log will be updated.

B.

The corresponding event will be marked as mitigated.

C.

The incident will be deleted.

D.

The incident number will be changed

Buy Now
Questions 22

Refer to the exhibit.

What can you conclude about the output?

Options:

A.

Both messages and logs are almost finished indexing.

B.

There are more traffic logs than event logs.

C.

The message rate being higher than the log rate is not normal.

D.

The output is ADOM-specific.

Buy Now
Questions 23

Which statement about the FortiSOAR management extension is correct?

Options:

A.

It requires a FortiManager configured to manage FortiGate.

B.

It runs as a docker container on FortiAnalyzer.

C.

It requires a dedicated FortiSOAR device or VM.

D.

It does not include a limited trial by default.

Buy Now
Exam Code: FCP_FAZ_AN-7.6
Exam Name: Fortinet NSE 5 - FortiAnalyzer 7.6 Analyst
Last Update: Jul 2, 2026
Questions: 67
FCP_FAZ_AN-7.6 pdf

FCP_FAZ_AN-7.6 PDF

$25.5  $84.99
FCP_FAZ_AN-7.6 Engine

FCP_FAZ_AN-7.6 Testing Engine

$30  $99.99
FCP_FAZ_AN-7.6 PDF + Engine

FCP_FAZ_AN-7.6 PDF + Testing Engine

$40.5  $134.99