Home

Home / Fortinet / FCP_FAZ_AN-7.4

Question list

List of questions

Question 1

(0)

Exhibit. Based on the partial outputs displayed, which devices can be members of a FotiAnalyzer Fabric?

Question 2

(0)

Which two actions should an administrator take to vide Compromised Hosts on FortiAnalyzer? (Choose two.)

Question 3

(0)

You need to move reports between two ADOMs. Which two statements are true? (Choose two.)

Question 4

(0)

Which log will generate an event with the status Unhandled?

Question 5

(0)

Exhibit. Which statement about the event displayed is correct?

Question 6

(0)

Which statement describes archive logs on FortiAnalyzer?

Question 7

(0)

Which statement about sending notifications with incident update is true?

Question 8

(0)

Which statement about the FortiSOAR management extension is correct?

Question 9

(0)

Which SQL query is in the correct order to query to database in the FortiAnalyzer?

Question 10

(0)

You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stich are availab

Open VPLUS File

Convert VPLUS to PDF

Related questions

You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stich are available in the FortiOS connector?

Exhibit. What is the purpose of using the Chart Builder feature On FortiAnalyzer?

Which statement about sending notifications with incident updates is true?

Which statement correctly describes one Difference between templates and reports?

What is the purpose of playbook trigger variables?

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?

You are trying to configure a task in the playbook editor to run a report. However, when you try to select the desired playbook, you do to see it listed. What is the reason?

Which statement about the FortiSIEM management extension is correct?

Exhibit. What does the data point at 12:20 indicate?

Which log will generate an event with the status Contained?

Question 20 - FCP_FAZ_AN-7.4 discussion

Report

Exhibit.

What is the analyst trying to create?

A.

The analyst is trying to create a trigger variable to the used in the playbook.

B.

The analyst is trying to create an output variable to be used in the playbook.

C.

The analyst is trying to create a report in the playbook.

D.

The analyst is trying to create a SOC report in the playbook.

Suggested answer: B

Explanation:

In the exhibit, the playbook configuration shows the analyst working with the 'Attach Data' action within a playbook. Here's a breakdown of key aspects:

Incident ID: This field is linked to the 'Playbook Starter,' which indicates that the playbook will attach data to an existing incident.

Attachment: The analyst is configuring an attachment by selecting Run_REPORT with a placeholder ID for report_uuid. This suggests that the report's UUID will dynamically populate as part of the playbook execution.

Analysis of Options:

Option A - Creating a Trigger Variable:

A trigger variable would typically be set up in the playbook starter or initiation configuration, not within the 'Attach Data' action. The setup here does not indicate a trigger, as it's focusing on data attachment.

Conclusion: Incorrect.

Option B - Creating an Output Variable:

The field Attachment with a report_uuid placeholder suggests that the analyst is defining an output variable that will store the report data or ID, allowing it to be attached to the incident. This variable can then be referenced or passed within the playbook for further actions or reporting.

Conclusion: Correct.

Option C - Creating a Report in the Playbook:

While Run_REPORT is selected, it appears to be an attachment action rather than a report generation task. The purpose here is to attach an existing or dynamically generated report to an incident, not to create the report itself.

Conclusion: Incorrect.

Option D - Creating a SOC Report:

Similarly, this configuration is focused on attaching data, not specifically generating a SOC report. SOC reports are generally predefined and generated outside the playbook.

Conclusion: Incorrect.

Conclusion:

Correct Answe r : B. The analyst is trying to create an output variable to be used in the playbook.

The setup allows the playbook to dynamically assign the report_uuid as an output variable, which can then be used in further actions within the playbook.

FortiAnalyzer 7.4.1 documentation on playbook configurations, output variables, and data attachment functionalities.

Show Answer

asked 27/11/2024

Sergio Pena Ochoa

36 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first