FCP_FAZ_AN-7.4 Fortinet Exam Questions and Free Practice Test

Question 7

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?

A. FortiAnalyzer flags the associated host for further analysis.

B. A new infected entry is added for the corresponding endpoint under Compromised Hosts.

C. The detection engine classifies those logs as Suspicious.

D. The endpoint is marked as Compromised and, optionally, can be put in quarantine.

Correct Answer:B

Question 8

You are trying to configure a task in the playbook editor to run a report. However, when you try to select the desired playbook, you do to see it listed. What is the reason?

A. The report does not have auto-cache and extended log filtering enabled.

B. The playbook is currently running and will be available after it is finished.

C. You must create a trigger to run the report first.

D. The report has no result and must be reconfigured.

Correct Answer:A

Question 9

Which statement regarding macros on FortiAnalyzer is true?

A. Macros are predefined templates for reports and cannot be customized.

B. Macros are useful in generating excel log files automatically based on the report settings.

C. Macros are ADOM-specific and each ADOM type have unique macros relevant to that ADOM.

D. Macros are supported only on the FortiGate ADOMs.

Correct Answer:B
Macros in FortiAnalyzer are used to streamline reporting tasks by automating data extraction and report generation. Here??s a breakdown of each option to determine the correct Answer
✑ Option A - Macros are Predefined Templates for Reports and Cannot be
Customized:
✑ Option B - Macros are Useful in Generating Excel Log Files Automatically Based on the Report Settings:
✑ Option C - Macros are ADOM-Specific and Each ADOM Type Has Unique Macros Relevant to that ADOM:
✑ Option D - Macros are Supported Only on the FortiGate ADOMs:
Conclusion:
✑ Correct Answer: B. Macros are useful in generating excel log files automatically based on the report settings.
✑ This answer correctly describes the functionality of macros in FortiAnalyzer, emphasizing their role in automating report generation, especially for Excel log files.
References:
✑ FortiAnalyzer 7.4.1 documentation on macros and report generation functionalities.

Question 10

Exhibit.
FCP_FAZ_AN-7.4 dumps exhibit
What is the analyst trying to create?

A. The analyst is trying to create a trigger variable to the used in the playbook.

B. The analyst is trying to create an output variable to be used in the playbook.

C. The analyst is trying to create a report in the playbook.

D. The analyst is trying to create a SOC report in the playbook.

Correct Answer:B
In the exhibit, the playbook configuration shows the analyst working with the "Attach Data" action within a playbook. Here??s a breakdown of key aspects:
✑ Incident ID: This field is linked to the "Playbook Starter," which indicates that the playbook will attach data to an existing incident.
✑ Attachment: The analyst is configuring an attachment by selecting Run_REPORT with a placeholder ID for report_uuid. This suggests that the report??s UUID will dynamically populate as part of the playbook execution.
Analysis of Options:
✑ Option A - Creating a Trigger Variable:
✑ Option B - Creating an Output Variable:
✑ Option C - Creating a Report in the Playbook:
✑ Option D - Creating a SOC Report:
Conclusion:
✑ Correct Answer: B. The analyst is trying to create an output variable to be used in the playbook.
✑ The setup allows the playbook to dynamically assign the report_uuid as an output variable, which can then be used in further actions within the playbook.
References:
✑ FortiAnalyzer 7.4.1 documentation on playbook configurations, output variables, and data attachment functionalities.

Question 11

Exhibit.
FCP_FAZ_AN-7.4 dumps exhibit
What can you conclude about these search results? (Choose two.)

A. They can be downloaded to a file.

B. They are sortable by columns and customizable.

C. They are not available for analysis in FortiView.

D. They were searched by using text mode.

Correct Answer:AD
In this exhibit, we observe a search query on the FortiAnalyzer interface displaying log data with details about the connection events, including fields like date, srcip, dstip, service, and dstintf. This setup allows for several functionalities within FortiAnalyzer.
✑ Option A - Download Capability:
✑ Option B - Sorting and Customization:
✑ Option C - Availability in FortiView:
✑ Option D - Text Mode Search:
Conclusion:
✑ Correct Answer: A. They can be downloaded to a file. and B. They are sortable by columns and customizable.
✑ These options are consistent with FortiAnalyzer's capabilities for managing, exporting, and customizing log data.
References:
✑ FortiAnalyzer 7.4.1 documentation on search, export functionalities, and customizable views.

Question 12

Which log will generate an event with the status Contained?

A. An AV log with action=quarantine.

B. An IPS log with action=pass.

C. A WebFilter log will action=dropped.

D. An AppControl log with action=blocked.

Correct Answer:A

START FCP_FAZ_AN-7.4 EXAM