Which statement describes a dataset in FortiAnalyzer?
Correct Answer: A
Datasets in FortiAnalyzer determine what data is retrieved from the database. They essentially represent an SQL SELECT query that defines the specific data to be polled from the database, which is then used to populate charts and reports.
Refer to the exhibits.
How many events will be added to the incident created after running this playbook?
Correct Answer: D
Based on the given exhibits, the filter in the playbook runs a query to match all conditions: Severity == Medium, Event Type == IPS, and Tag == Intrusion. From the Event Status list, there are ten entries that meet these criteria.
Refer to the exhibit.
What does the data point at 12:20 indicate?
Correct Answer: C
At 12:20, the graph shows a divergence between the receive rate and the insert rate, with the receive rate spiking higher than the insert rate. This indicates an increasing lag time between when logs are received and when they are inserted into the database, meaning the log insert lag time is increasing.
You created a playbook on FortiAnalyzer that uses a FortiOS connector.
When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stitch are available in the FortiOS connector?
Correct Answer: B
When configuring the FortiGate side to ensure that the actions in an automation stitch are available in the FortiOS connector, the trigger used must be 'Incoming Webhook'. This is because the FortiAnalyzer can send a webhook call to the FortiGate as part of the playbook actions, which then triggers the automation stitch on the FortiGate. The 'Incoming Webhook' trigger allows the FortiGate to execute these stitches based on specific conditions defined in the FortiAnalyzer.
Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?
Correct Answer: C
Threat hunting in FortiAnalyzer enables you to proactively search through network data to detect and isolate advanced threats before they cause harm or breach data. This capability is crucial for a proactive cybersecurity strategy, allowing security teams to identify and respond to potential threats before they become actual incidents.