Refer to the exhibit.

Assume that all devices in the FortiAnalyzer Fabric are shown in the image.
Which two statements about the FortiAnalyzer Fabric deployment are true? (Choose two.)

• A.FortiGate-B1 and FortiGate-B2 are in a Security Fabric.
• B.There is no collector in the topology.
• C.All FortiGate devices are directly registered to the supervisor.
• D.FAZ-SiteA has two ADOMs enabled.

Comment: *

Name: *

Email: *

Verification: *

Exhibit:

Which observation about this FortiAnalyzer Fabric deployment architecture is true?

• A.The AMER HQ SOC team cannot run automation playbooks from the Fabric supervisor.
• B.The AMER HQ SOC team must configure high availability (HA) for the supervisor node.
• C.The EMEA SOC team has access to historical logs only.
• D.The APAC SOC team has access to FortiView and other reporting functions.

Comment: *

Name: *

Email: *

Verification: *

Which two ways can you create an incident on FortiAnalyzer? (Choose two.)

• A.Using a connector action
• B.Manually, on the Event Monitor page
• C.By running a playbook
• D.Using a custom event handler

Comment: *

Name: *

Email: *

Verification: *

Which National Institute of Standards and Technology (NIST) incident handling phase involves removing malware and persistence mechanisms from a compromised host?

• A.Containment
• B.Analysis
• C.Eradication
• D.Recovery

Comment: *

Name: *

Email: *

Verification: *

Which FortiAnalyzer feature uses the SIEM database for advance log analytics and monitoring?

• A.Threat hunting
• B.Asset Identity Center
• C.Event monitor
• D.Outbreak alerts

Comment: *

Name: *

Email: *

Verification: *