Last Updated On : 13-Jan-2026

Fortinet FCP - FortiAnalyzer 7.4 Analyst - FCP_FAZ_AN-7.4 Practice Questions

Total 56 Questions

Which statement describes archive logs on FortiAnalyzer?

A. Logs that are indexed and stored in the SQL database
B. Logs a FortiAnalyzer administrator can access in FortiView
C. Logs compressed and saved in files with the .gz extension
D. Logs previously collected from devices that are offline

Answer: C. Logs compressed and saved in files with the .gz extension

Explanation: In FortiAnalyzer, archive logs refer to logs that have been compressed and stored to save space. This process involves compressing the raw log files into the .gz format, which is a common compression format used in Fortinet systems for archived data.
Archiving is essential in FortiAnalyzer to optimize storage and manage long-term retention of logs without impacting performance.
Let’s examine each option for clarity:
Option A: Logs that are indexed and stored in the SQL database
Option B: Logs a FortiAnalyzer administrator can access in FortiView
Option C: Logs compressed and saved in files with the .gz extension
Option D: Logs previously collected from devices that are offline
References: FortiAnalyzer 7.4.1 documentation and configuration guides outline that archived logs are stored in compressed files with the .gz extension to conserve storage space, ensuring FortiAnalyzer can handle a larger volume of logs over extended periods.

Exhibit.

What can you conclude about these search results? (Choose two.)

A. They can be downloaded to a file.
B. They are sortable by columns and customizable.
C. They are not available for analysis in FortiView.
D. They were searched by using text mode.

Answer: A. They can be downloaded to a file.
Answer: D. They were searched by using text mode.

Explanation: In this exhibit, we observe a search query on the FortiAnalyzer interface displaying log data with details about the connection events, including fields like date, srcip, dstip, service, and dstintf. This setup allows for several functionalities within FortiAnalyzer.
Option A - Download Capability:
Option B - Sorting and Customization:
Option C - Availability in FortiView:
Option D - Text Mode Search:
Conclusion:
Correct Answer: A. They can be downloaded to a file. and B. They are sortable by columns and customizable.
These options are consistent with FortiAnalyzer's capabilities for managing, exporting, and customizing log data.
References:
FortiAnalyzer 7.4.1 documentation on search, export functionalities, and customizable views.

Which statement about sending notifications with incident update is true?

A. You can send notifications to multiple external platforms.
B. Notifications can be sent only by email.
C. If you use multiple fabric connectors, all connectors must have the same settings.
D. Notifications can be sent only when an incident is updated or deleted.

Answer: A. You can send notifications to multiple external platforms.

Explanation: In FortiOS and FortiAnalyzer, incident notifications can be sent to multiple external platforms, not limited to a single method such as email. Fortinet's security fabric and integration capabilities allow notifications to be sent through various fabric connectors and third-party integrations. This flexibility is designed to ensure that incident updates reach relevant personnel or systems using preferred communication channels, such as email, Syslog, SNMP, or integration with SIEM platforms.
Let’s review each answer option for clarity:
Option A: You can send notifications to multiple external platforms
Option B: Notifications can be sent only by email
Option C: If you use multiple fabric connectors, all connectors must have the same settings
Option D: Notifications can be sent only when an incident is updated or deleted
References: According to FortiOS and FortiAnalyzer 7.4.1 documentation, notifications for incidents can be configured across various platforms by using multiple connectors, and they are not limited to email alone. This capability is part of the Fortinet Security Fabric, allowing for a broad range of integrations with external systems and platforms for effective incident response.

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?

A. FortiAnalyzer flags the associated host for further analysis.
B. A new infected entry is added for the corresponding endpoint under Compromised Hosts.
C. The detection engine classifies those logs as Suspicious.
D. The endpoint is marked as Compromised and, optionally, can be put in quarantine.

Answer: B. A new infected entry is added for the corresponding endpoint under Compromised Hosts.

A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails.
What will be the status of the playbook after it is run?

A. Attention required
B. Upstream_failed
C. Failed
D. Success

Answer: A. Attention required

Explanation: In FortiAnalyzer, when a playbook is run, each task’s status impacts the overall playbook status. Here’s what happens based on task outcomes:
Status When All Tasks Succeed:
Status When Some Tasks Fail:
Option Analysis:
Conclusion:
Correct Answer: A. Attention required
The playbook status reflects that it completed, but an error occurred in one of the tasks, prompting the administrator to review the failed task.
References:
FortiAnalyzer 7.4.1 documentation on playbook execution statuses and task error handling.

You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been unsuccessful.
Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

A. Open .gz log files in FortiView.
B. Rebuild the SQL database and check FortiView.
C. Review the ADOM data policy.
D. Check logs in the Log Browse.

Answer: A. Open .gz log files in FortiView.
Answer: B. Rebuild the SQL database and check FortiView.

As part of your analysis, you discover that a Medium severity level incident is fully remediated.
You change the incident status to Closed:Remediated.
Which statement about your update is true?

A. The incident can no longer be deleted.
B. The corresponding event will be marked as Mitigated.
C. The corresponding event will be marked as Mitigated.
D. The incident severity will be lowered.

Answer: C. The corresponding event will be marked as Mitigated.


Why Prepare with PrepForti FCP_FAZ_AN-7.4 Practice Test?

Choosing the right preparation material is critical for passing the Fortinet FCP - FortiAnalyzer 7.4 Analyst exam. Here’s how our FCP_FAZ_AN-7.4 practice test is designed to bridge the gap between knowledge and a passing score.

Experience the Real Exam Format:

Familiarize yourself with the exact style, difficulty, and question types you will encounter on the official Fortinet exam. Our FCP - FortiAnalyzer 7.4 Analyst FCP_FAZ_AN-7.4 test questions, like the samples on this page, cover specific technical scenarios and MCQs to ensure there are no surprises on test day.

Turn Knowledge into Application:

The smartest way to prepare isn't just reading - it's practicing. Our FCP - FortiAnalyzer 7.4 Analyst practice test questions transform your theoretical understanding into practical problem-solving skills, exactly what is required to pass.

Learn with Detailed Explanations:

All FCP_FAZ_AN-7.4 exam questions come with a comprehensive summary and a breakdown of why the correct option is right and the others are wrong. This detailed feedback helps you identify your strengths and target your weaknesses, making your FCP - FortiAnalyzer 7.4 Analyst study time far more efficient.
