
FCP_FAZ_AN-7.6 Fortinet NSE 5 - FortiAnalyzer 7.6 Analyst Questions and Answers

Questions 4

Which statement describes archive logs on FortiAnalyzer?

Options:

A.

Logs that are indexed and stored in the SQL database

B.

Logs a FortiAnalyzer administrator can access in FortiView

C.

Logs compressed and saved in files with the .gz extension

D.

Logs previously collected from devices that are offline

Questions 5

Exhibit.

Based on the partial outputs displayed, which devices can be members of a FortiAnalyzer Fabric?

Options:

A.

FortiAnalyzer1 and FortiAnalyzer3

B.

FortiAnalyzer1 and FortiAnalyzer2

C.

FortiAnalyzer2 and FortiAnalyzer3

D.

All devices listed can be members.

Questions 6

Refer to the exhibit.

An analyst is using FortiView to look at the top threats recorded by FortiAnalyzer in the last 2 hours. What can the analyst conclude from the exhibit? (Choose one answer)

Options:

A.

There are cross-site scripting (XSS) attacks on an Apache web server.

B.

The attacks that have CVE IDs attached require priority attention.

C.

Only IPS threats constitute genuine threats.

D.

There are no critical level threats.

Questions 7

As part of your analysis, you discover that a Medium severity level incident is fully remediated.

You change the incident status to Closed:Remediated.

Which statement about your update is true?

Options:

A.

The incident can no longer be deleted.

B.

The corresponding event will be marked as Mitigated.

C.

The incident dashboard will be updated.

D.

The incident severity will be lowered.

Questions 8

Refer to the exhibits.

The event shown in the exhibit has been escalated to an incident.

Which SOC role is responsible for handling the escalated incident?

Options:

A.

Threat hunter

B.

Security analyst

C.

SOC engineer

D.

Incident responder

Questions 9

You are trying to configure a task in the playbook editor to run a report.

However, when you try to select the desired playbook, you do not see it listed.

What is the reason?

Options:

A.

The report does not have auto-cache and extended log filtering enabled.

B.

The playbook is currently running and will be available after it is finished.

C.

You must create a trigger to run the report first.

D.

The report has no result and must be reconfigured.

Questions 10

After generating a report, you notice the information you were expecting to see is not included in it. However, you confirm that the logs are there:

Which two actions should you perform? (Choose two.)

Options:

A.

Check the time frame covered by the report.

B.

Disable auto-cache.

C.

Increase the report utilization quota.

D.

Test the dataset.

Questions 11

Exhibit.

What is the purpose of using the Chart Builder feature on FortiAnalyzer?

Options:

A.

To build a chart automatically based on the top 100 log entries

B.

To add charts directly to generate reports in the current ADOM.

C.

To add a new chart under FortiView to be used in new reports

D.

To build a dataset and chart based on the filtered search results

Questions 12

What is the purpose of running the command diagnose sql status sqlreportd?

Options:

A.

To view a list of scheduled reports

B.

To list the current SQL processes running

C.

To display the SQL query connections and hcache status

D.

To identify the database log insertion status

Questions 13

Which two statements about playbook execution are true? (Choose two.)

Options:

A.

FortiAnalyzer will not commit changes made by a Failed playbook

B.

The Playbook Monitor provides troubleshooting logs

C.

You can run the default debugging playbook to investigate playbook errors.

D.

Even if the playbook status is Failed, individual tasks may have succeeded.

Questions 14

An analyst is using FortiAI on FortiAnalyzer to simplify certain tasks but is worried about exceeding the monthly token limit. Which query will take the fewest FortiAI tokens? (Choose one answer)

Options:

A.

Show logs for 192.168.1.10 (past week)

B.

Show all logs from the past week

C.

Can you show me all the log entries for the endpoint 192.168.1.10?

D.

Show logs for 192.168.1.10

Questions 15

Exhibit.

What can you conclude about the output?

Options:

A.

The message rate being lower than the log rate is normal.

B.

Both messages and logs are almost finished indexing.

C.

There are more traffic logs than event logs.

D.

The output is ADOM-specific

Questions 16

Which log will generate an event with the status Unhandled?

Options:

A.

An AV log with action=quarantine.

B.

An IPS log with action=pass.

C.

A WebFilter log with action=dropped.

D.

An AppControl log with action=blocked.

Questions 17

Which statement correctly describes one difference between templates and reports?

Options:

A.

Reports support macros but templates do not

B.

Templates can be cloned, but reports cannot be cloned.

C.

Templates do not include advanced report settings, but reports do.

D.

Reports can be moved between ADOMs but templates cannot.

Questions 18

Refer to the exhibit.

Which two observations can you make after reviewing this log entry? (Choose two answers)

Options:

A.

This is a normalized log.

B.

This is a formatted view of the log.

C.

This is the original log that FortiAnalyzer received from FortiGate.

D.

This log is in a raw log format.

Questions 19

Which statement about sending notifications with incident update is true?

Options:

A.

You can send notifications to multiple external platforms.

B.

Notifications can be sent only by email.

C.

If you use multiple fabric connectors, all connectors must have the same settings.

D.

Notifications can be sent only when an incident is updated or deleted.

Questions 20

Refer to the exhibit.

An analyst is using FortiView to examine the top threats observed over the last 2 hours. What can the analyst conclude from the exhibit?

Options:

A.

A cross-site scripting (XSS) attack occurred on a DNS server.

B.

FortiAnalyzer has logged only three types of IPS attacks.

C.

An SQL injection attack occurred on an application

D.

Malware attacks should be prioritized over IPS attacks.

Questions 21

Refer to Exhibit:

What does the data point at 21:20 indicate?

Options:

A.

FortiAnalyzer is indexing logs faster than logs are being received.

B.

The fortilogd daemon is ahead in indexing by one log.

C.

The SQL database requires a rebuild because of high receive lag.

D.

FortiAnalyzer is temporarily buffering received logs so older logs can be indexed first.

Questions 22

Exhibit.

What is the analyst trying to create?

Options:

A.

The analyst is trying to create a trigger variable to be used in the playbook.

B.

The analyst is trying to create an output variable to be used in the playbook.

C.

The analyst is trying to create a report in the playbook.

D.

The analyst is trying to create a SOC report in the playbook.

Questions 23

Which two parameters does FortiAnalyzer use to identify an indicator of compromise (IOC)? (Choose two answers)

Options:

A.

IP address

B.

URL

C.

Policy ID

D.

Application category

Exam Code: FCP_FAZ_AN-7.6
Exam Name: Fortinet NSE 5 - FortiAnalyzer 7.6 Analyst
Last Update: Jun 30, 2026
Questions: 67