Fortinet Certification: FCP_FAZ_AN-7.4 Exam (Fortinet.FCP_FAZ_AN-7.4.v2025-04-28.q53 Dumps)

Question 6

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

Correct Answer: A,D

Question 7

Exhibit.

Laptop1 is used by several administrators to manage FortiAnalyzer. You want to configure a generic text filter that matches all login attempts to the web interface generated by any user other than "admin", and coming from Laptop1.
Which filter will achieve the desired result?

Correct Answer: A
The objective is to create a filter that identifies all login attempts to the FortiAnalyzer web interface (GUI) coming from Laptop1 (IP 10.1.1.100) and excludes the admin user. This filter should match any user other than admin.
* Filter Components Analysis:
* Operation-login: This portion of the filter will target login actions specifically, which is correct for filtering login attempts.
* performed_on=="GUI(10.1.1.100)": This indicates that the login attempt must occur on the GUI interface and originate from the specified IP, which matches Laptop1's IP address (10.1.1.100). This ensures that the filter only matches GUI logins from this specific device.
* user!=admin: This part excludes logins by the admin user, meeting the requirement to capture only non-admin users.
* Option Analysis:
* Option A: Correctly specifies Operation-login, performed_on=="GUI(10.1.1.100)", and user!=admin. This setup effectively filters login attempts to the GUI from Laptop1, excluding the admin user.
* Option B: Uses the incorrect IP 10.1.1.120 in the performed_on filter, which does not match Laptop1's IP (10.1.1.100).
* Option C: This option includes srcip==10.1.1.100 and dstip==10.1.1.210 but incorrectly specifies user==admin instead of user!=admin, which does not match the requirement to exclude admin users.
* Option D: This option does not specify the performed_on field to restrict it to the GUI and only includes dstip (destination IP) without srcip. It also incorrectly uses user!-admin instead of the correct syntax user!=admin.
Conclusion:
* Correct Answer: A. Operation-login and performed_on=="GUI(10.1.1.100)" and user!=admin
* This filter precisely captures the required conditions: login attempts from Laptop1 to the GUI interface by any user except admin.
References:
* FortiAnalyzer 7.4.1 documentation on log filters, syntax for login operations, and GUI login tracking.

Question 8

You are tasked with finding logs corresponding to a suspected attack on your network.
You need to use an interface where all identified threats within timeframe are listed and organized. You also need to be able to quickly export the information to a PDF file.
Where can you go to accomplish this task?

Correct Answer: C

Question 9

Which FortiAnalyzer feature allows you to use a proactive approach when managing your network security?

Correct Answer: D
FortiAnalyzer offers several features for monitoring, alerting, and incident management, each serving different purposes. Let's examine each option to determine which one best supports a proactive security approach.
* Option A - FortiView Monitor:
* FortiView is a visualization tool that provides real-time and historical insights into network traffic, threats, and logs. While it gives visibility into network activity, it is generally more reactive than proactive, as it relies on existing log data and incidents.
* Conclusion: Incorrect.
* Option B - Outbreak Alert Services:
* Outbreak Alert Services in FortiAnalyzer notify administrators of emerging threats and outbreaks based on FortiGuard intelligence. This is beneficial for awareness of potential threats but does not offer a hands-on, investigative approach. It's more of a notification service rather than an active, proactive investigation tool.
* Conclusion: Incorrect.
* Option C - Incidents Dashboard:
* The Incidents Dashboard provides a summary of incidents and current security statuses within the network. While it assists with ongoing incident response, it is used to manage and track existing incidents rather than proactively identifying new threats.
* Conclusion: Incorrect.
* Option D - Threat Hunting:
* Threat Hunting in FortiAnalyzer enables security analysts to actively search for hidden threats or malicious activities within the network by leveraging historical data, analytics, and intelligence. This is a proactive approach as it allows analysts to seek out threats before they escalate into incidents.
* Conclusion: Correct.
Conclusion:
* Correct Answer: D. Threat hunting
* Threat hunting is the most proactive feature among the options, as it involves actively searching for threats within the network rather than reacting to already detected incidents.
References:
* FortiAnalyzer 7.4.1 documentation on Threat Hunting and proactive security measures.

Question 10

Which two statements express the advantages of grouping similar reports? (Choose two.)

Correct Answer: C,D