ExamGecko
Search Search Login
Home Home / Fortinet / FCP_FAZ_AN-7.4
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stich are available in the FortiOS connector?
What is the purpose of playbook trigger variables?
Which statement about the FortiSIEM management extension is correct?
Exhibit. What is the purpose of using the Chart Builder feature On FortiAnalyzer?
Which statement about sending notifications with incident updates is true?
Which statement correctly describes one Difference between templates and reports?
Which log will generate an event with the status Contained?
You are tasked with finding logs corresponding to a suspected attack on your network. You need to use an interface where all identified threats within timeframe are listed and organized. You also need to be able to quickly export the information to a PDF file. Where can you go to accomplish this task?
Which two statements about exporting and importing playbacks are true? (Choose two.)
You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far, you have been uncuccessful. Which two tasks should you perform to investigate why you are having this issue? (Choose two.)

Question 2 - FCP_FAZ_AN-7.4 discussion

Report
Export

Which two actions should an administrator take to vide Compromised Hosts on FortiAnalyzer? (Choose two.)

A.

Enable device detection on the FotiGate device that are sending logs to FortiAnalyzer.

Answers
A.

Enable device detection on the FotiGate device that are sending logs to FortiAnalyzer.

B.

Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to fortiAnalyzer.

Answers
B.

Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to fortiAnalyzer.

C.

Make sure all endpoints are reachable by FortiAnalyzer.

Answers
C.

Make sure all endpoints are reachable by FortiAnalyzer.

D.

Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

Answers
D.

Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

Suggested answer: A, B

Explanation:

To view Compromised Hosts on FortiAnalyzer, certain configurations need to be in place on both FortiGate and FortiAnalyzer. Compromised Host data on FortiAnalyzer relies on log information from FortiGate to analyze threats and compromised activities effectively. Here's why the selected answers are correct:

Option A: Enable device detection on the FortiGate devices that are sending logs to FortiAnalyzer

Enabling device detection on FortiGate allows it to recognize and log devices within the network, sending critical information about hosts that could be compromised. This is essential because FortiAnalyzer relies on these logs to determine which hosts may be at risk based on suspicious activities observed by FortiGate. This setting enables FortiGate to provide device-level insights, which FortiAnalyzer uses to populate the Compromised Hosts view.

Option B: Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer

Web filtering is crucial in identifying potentially compromised hosts since it logs any access to malicious sites or blocked categories. FortiAnalyzer uses these web filter logs to detect suspicious or malicious web activity, which can indicate compromised hosts. By ensuring that FortiGate sends these web filtering logs to FortiAnalyzer, the administrator enables FortiAnalyzer to analyze and identify hosts engaging in risky behavior.

Let's review the other options for clarity:

Option C: Make sure all endpoints are reachable by FortiAnalyzer

This is incorrect. FortiAnalyzer does not need direct access to all endpoints. Instead, it collects data indirectly from FortiGate logs. FortiGate devices are the ones that interact with endpoints and then forward relevant logs to FortiAnalyzer for analysis.

Option D: Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date

Although subscribing to FortiGuard helps keep threat intelligence updated, it is not a requirement specifically to view compromised hosts. FortiAnalyzer primarily uses logs from FortiGate (such as web filtering and device detection) to detect compromised hosts.

Show Answer
asked 27/11/2024
Sorin Craia
39 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms