Fortinet FCP FAZ AN 7 4 Exam Questions
Questions for the FCP FAZ AN 7 4 were updated on : Nov 23 ,2025
Page 1 out of 4. Viewing questions 1-15 out of 56
Question 1
What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that
match blacklisted IP addresses?
- A. FortiAnalyzer flags the associated host for further analysis.
- B. A new infected entry is added for the corresponding endpoint under Compromised Hosts.
- C. The detection engine classifies those logs as Suspicious.
- D. The endpoint is marked as Compromised and, optionally, can be put in quarantine.
Answer:
B
Question 2
You are trying to configure a task in the playbook editor to run a report.
However, when you try to select the desired playbook, you do to see it listed.
What is the reason?
- A. The report does not have auto-cache and extended log filtering enabled.
- B. The playbook is currently running and will be available after it is finished.
- C. You must create a trigger to run the report first.
- D. The report has no result and must be reconfigured.
Answer:
A
Question 3
Which statement about the FortiSIEM management extension is correct?
- A. It allows you to manage the entire life cycle of a threat or breach.
- B. It can be installed as a dedicated VM.
- C. Its use of the available disk space is capped at 50%.
- D. It requires a licensed FortiSIEM supervisor.
Answer:
B
Question 4
Exhibit.
What does the data point at 12:20 indicate?
- A. The log insert log time is increasing.
- B. FortiAnalyzer is using its cache to avoid dropping logs.
- C. The performance of FortiAnalyzer is below the baseline.
- D. The sqiplugind service is caught up with the logs
Answer:
A
Question 5
Which log will generate an event with the status Contained?
- A. An AV log with action=quarantine.
- B. An IPS log with action=pass.
- C. A WebFilter log will action=dropped.
- D. An AppControl log with action=blocked.
Answer:
A
Question 6
Which statement about exporting items in Report Definitions is true?
- A. Templates can be exported.
- B. Template exports contain associated charts and datasets.
- C. Chart exports contain associated datasets.
- D. Datasets can be exported.
Answer:
B
Question 7
You need to move reports between two ADOMs.
Which two statements are true? (Choose two.)
- A. The ADOMs must be compatible types.
- B. The data and time will be appointed to the original report name to avoid conflicts.
- C. All charts and datasets associated with the report will be imported together.
- D. You need to convert the reports into templates first.
Answer:
A, C
Question 8
What is the purpose of using data selectors when configuring event handlers?
- A. They filter the types of logs that FortiAnalyzer can accept from registered devices.
- B. They download new filters can be used in event handlers.
- C. They apply their filter criteria to the entire event handler so that you don’t have to configure the same criteria in the individual rules.
- D. They are common filters that can be applied simultaneously to all event handlers.
Answer:
C
Question 9
Which statement about automation connectors in FortiAnalyzer is true?
- A. An ADOM with the Fabric type comes with multiple connectors configured.
- B. The local connector becomes available after you configured any external connector.
- C. The local connector becomes available after you connectors are displayed.
- D. The actions available with FortiOS connectors are determined by automation rules configured on FortiGate.
Answer:
D
Question 10
You are tasked with finding logs corresponding to a suspected attack on your network.
You need to use an interface where all identified threats within timeframe are listed and organized.
You also need to be able to quickly export the information to a PDF file.
Where can you go to accomplish this task?
- A. Log Browse
- B. Log View
- C. Fabric View
- D. FortiView
Answer:
D
Question 11
Which two statements about exporting and importing playbacks are true? (Choose two.)
- A. A playbook that was disabled when it was exported mil be disabled when it is imported.
- B. Playbooks can so imported 10 a different FortiAnayzer device, but only if the connectors already exist
- C. You can import a playbook even if there is another one win the same name in the destination
- D. You can export only one playbook at a time.
Answer:
C, D
Question 12
You discover that a few reports are taking a long tine lo generate. Which two steps can you Like to
troubleshoot? (Choose two.)
- A. Remove old reports from the hcache
- B. Enable auto-cache and run the reports again
- C. Increase the ADOM reports quota
- D. Review report diagnostics
Answer:
A, B
Question 13
Which two statements about playbook execution are true? (Choose two)
- A. FortiAnalyzer will not commit changes made by a Failed playbook
- B. The Playbook Monitor provides troubleshooting logs
- C. You can <un the default debugging playbook to investigate playbook errors. O Even I the playbook status is Failed, individual tasks may have succeeded.
Answer:
A, B
Question 14
You must find a specific security event log in the FortiAnalyzer logs displayed in FortiView, but, so far,
you have been uncuccessful.
Which two tasks should you perform to investigate why you are having this issue? (Choose two.)
- A. Open .gz log files in FortiView.
- B. Rebuild the SQL database and check FortiView.
- C. Review the ADOM data policy
- D. Check logs in the Log Browse
Answer:
A, B
Question 15
Which two statement regarding the outbreak detection service are true? (Choose two.)
- A. An additional license is required.
- B. It automatically downloads new event handlers and reports.
- C. Outbreak alerts are available on the root ADOM only.
- D. New alerts are received by email.
Answer:
B, C