ExamGecko
Search Search Login
Home Home / Fortinet / FCP_FAZ_AN-7.4
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stich are available in the FortiOS connector?
Exhibit. What is the purpose of using the Chart Builder feature On FortiAnalyzer?
Which statement about sending notifications with incident updates is true?
Which statement correctly describes one Difference between templates and reports?
What is the purpose of playbook trigger variables?
What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?
You are trying to configure a task in the playbook editor to run a report. However, when you try to select the desired playbook, you do to see it listed. What is the reason?
Which statement about the FortiSIEM management extension is correct?
Exhibit. What does the data point at 12:20 indicate?
Which log will generate an event with the status Contained?

Question 14 - FCP_FAZ_AN-7.4 discussion

Report
Export

Exhibit.

A fortiAnalyzer analyst is customizing a SQL query to use in a report.

Which SQL query should the analyst run to get the expected results?

A)

B)

C)

D)

A.

Option A

Answers
A.

Option A

B.

Option B

Answers
B.

Option B

C.

Option C

Answers
C.

Option C

D.

Option D

Answers
D.

Option D

Suggested answer: A

Explanation:

The requirement here is to construct a SQL query that retrieves logs with specific fields, namely 'Source IP' and 'Destination Port,' for entries where the source IP address matches 10.0.1.10. The correct syntax is essential for selecting, filtering, ordering, and grouping the results as shown in the expected outcome.

Analysis of the Options:

Option A Explanation:

SELECT srcip AS 'Source IP', dstport AS 'Destination Port': This syntax selects srcip and dstport, renaming them to 'Source IP' and 'Destination Port' respectively in the output.

FROM $log: Specifies the log table as the data source.

WHERE $filter AND srcip = '10.0.1.10': This line filters logs to only include entries with srcip equal to 10.0.1.10.

ORDER BY dstport DESC: Orders the results in descending order by dstport.

GROUP BY srcip, dstport: Groups results by srcip and dstport, which is valid SQL syntax.

This option meets all the requirements to get the expected results accurately.

Option B Explanation:

WHERE $filter AND Source IP != '10.0.1.10': Uses != instead of =. This would exclude logs from the specified IP 10.0.1.10, which is contrary to the expected result.

Option C Explanation:

The ORDER BY clause appears before the FROM clause, which is incorrect syntax. SQL requires the FROM clause to follow the SELECT clause directly.

Option D Explanation:

The GROUP BY clause should follow the FROM clause. However, here, it's located after WHERE, making it syntactically incorrect.

Conclusion:

Correct Answe r : A. Option A

This option aligns perfectly with standard SQL syntax and filters correctly for srcip = '10.0.1.10', while ordering and grouping as required.

FortiAnalyzer 7.4.1 SQL query capabilities and syntax for report customization.

Show Answer
asked 27/11/2024
Maurille AGBISSIKO
33 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms