FCP_FAZ_AN-7.4-JPN 試験問題 21
アウトブレイク検出サービスに関する次の記述のうち、正しいものはどれですか。(2 つ選択してください。)
正解: C,D
FCP_FAZ_AN-7.4-JPN 試験問題 22
展示する。
アナリストは何を作成しようとしているのでしょうか?
アナリストは何を作成しようとしているのでしょうか?
正解: B
In the exhibit, the playbook configuration shows the analyst working with the "Attach Data" action within a playbook. Here's a breakdown of key aspects:
Incident ID: This field is linked to the "Playbook Starter," which indicates that the playbook will attach data to an existing incident.
Attachment: The analyst is configuring an attachment by selecting Run_REPORT with a placeholder ID for report_uuid. This suggests that the report's UUID will dynamically populate as part of the playbook execution.
Analysis of Options:
Option A - Creating a Trigger Variable:
A trigger variable would typically be set up in the playbook starter or initiation configuration, not within the "Attach Data" action. The setup here does not indicate a trigger, as it's focusing on data attachment.
Conclusion: Incorrect.
Option B - Creating an Output Variable:
The field Attachment with a report_uuid placeholder suggests that the analyst is defining an output variable that will store the report data or ID, allowing it to be attached to the incident. This variable can then be referenced or passed within the playbook for further actions or reporting.
Conclusion: Correct.
Option C - Creating a Report in the Playbook:
While Run_REPORT is selected, it appears to be an attachment action rather than a report generation task. The purpose here is to attach an existing or dynamically generated report to an incident, not to create the report itself.
Conclusion: Incorrect.
Option D - Creating a SOC Report:
Similarly, this configuration is focused on attaching data, not specifically generating a SOC report. SOC reports are generally predefined and generated outside the playbook.
Conclusion: Incorrect.
Conclusion:
Correct Answe r : B. The analyst is trying to create an output variable to be used in the playbook.
The setup allows the playbook to dynamically assign the report_uuid as an output variable, which can then be used in further actions within the playbook.
Reference:
FortiAnalyzer 7.4.1 documentation on playbook configurations, output variables, and data attachment functionalities.
Incident ID: This field is linked to the "Playbook Starter," which indicates that the playbook will attach data to an existing incident.
Attachment: The analyst is configuring an attachment by selecting Run_REPORT with a placeholder ID for report_uuid. This suggests that the report's UUID will dynamically populate as part of the playbook execution.
Analysis of Options:
Option A - Creating a Trigger Variable:
A trigger variable would typically be set up in the playbook starter or initiation configuration, not within the "Attach Data" action. The setup here does not indicate a trigger, as it's focusing on data attachment.
Conclusion: Incorrect.
Option B - Creating an Output Variable:
The field Attachment with a report_uuid placeholder suggests that the analyst is defining an output variable that will store the report data or ID, allowing it to be attached to the incident. This variable can then be referenced or passed within the playbook for further actions or reporting.
Conclusion: Correct.
Option C - Creating a Report in the Playbook:
While Run_REPORT is selected, it appears to be an attachment action rather than a report generation task. The purpose here is to attach an existing or dynamically generated report to an incident, not to create the report itself.
Conclusion: Incorrect.
Option D - Creating a SOC Report:
Similarly, this configuration is focused on attaching data, not specifically generating a SOC report. SOC reports are generally predefined and generated outside the playbook.
Conclusion: Incorrect.
Conclusion:
Correct Answe r : B. The analyst is trying to create an output variable to be used in the playbook.
The setup allows the playbook to dynamically assign the report_uuid as an output variable, which can then be used in further actions within the playbook.
Reference:
FortiAnalyzer 7.4.1 documentation on playbook configurations, output variables, and data attachment functionalities.
FCP_FAZ_AN-7.4-JPN 試験問題 23
展示する。
表示されたイベントに関するどの記述が正しいですか?
表示されたイベントに関するどの記述が正しいですか?
正解: B
In FortiOS and FortiAnalyzer logging systems, when an event has a status of "Mitigated" in the Event Status column, it typically indicates that the system took action to address the identified threat. In this case, the Web Filter blocked the web request to a suspicious destination, and the event status "Mitigated" confirms that the action was successfully implemented to neutralize or block the security risk.
Let's review the answer options:
Option A: The risk source is isolated.
This is incorrect because "isolated" would imply that FortiGate took further steps to prevent the source device from communicating with the network. There is no indication of isolation in this event status.
Option B: The security risk was blocked or dropped.
This is correct. The "Mitigated" status, along with the Web Filter event type and the accompanying description, implies that the FortiGate or FortiAnalyzer successfully blocked or dropped the suspicious web request, which corresponds to the term "mitigated." Option C: The security event risk is considered open.
This is incorrect because an open status would indicate that no action was taken, or the threat is still present. The "Mitigated" status indicates that the threat has been addressed.
Option D: An incident was created from this event.
This option is not correct or evident based on the given display. Although FortiAnalyzer or FortiGate could escalate certain events to incidents, this is not indicated here.
Reference:
The FortiOS 7.4.1 and FortiAnalyzer 7.4.1 documentation specify that "Mitigated" status in logs means the identified threat was handled, usually by blocking or dropping the action associated with the event, particularly with Web Filter and Security Policy logs.
Let's review the answer options:
Option A: The risk source is isolated.
This is incorrect because "isolated" would imply that FortiGate took further steps to prevent the source device from communicating with the network. There is no indication of isolation in this event status.
Option B: The security risk was blocked or dropped.
This is correct. The "Mitigated" status, along with the Web Filter event type and the accompanying description, implies that the FortiGate or FortiAnalyzer successfully blocked or dropped the suspicious web request, which corresponds to the term "mitigated." Option C: The security event risk is considered open.
This is incorrect because an open status would indicate that no action was taken, or the threat is still present. The "Mitigated" status indicates that the threat has been addressed.
Option D: An incident was created from this event.
This option is not correct or evident based on the given display. Although FortiAnalyzer or FortiGate could escalate certain events to incidents, this is not indicated here.
Reference:
The FortiOS 7.4.1 and FortiAnalyzer 7.4.1 documentation specify that "Mitigated" status in logs means the identified threat was handled, usually by blocking or dropping the action associated with the event, particularly with Web Filter and Security Policy logs.
FCP_FAZ_AN-7.4-JPN 試験問題 24
FortiSOAR 管理拡張機能に関する正しい記述はどれですか?
正解: C
The FortiSOAR management extension is designed as an independent security orchestration, automation, and response (SOAR) solution that integrates with other Fortinet products but requires its own dedicated device or virtual machine (VM) environment. FortiSOAR is not natively integrated as a container or service within FortiAnalyzer or FortiManager, and it operates separately to manage complex security workflows and incident responses across various platforms.
Let's examine each option to determine the correct answer:
Option A: It requires a FortiManager configured to manage FortiGate
This is incorrect. FortiSOAR operates independently of FortiManager. While FortiSOAR can receive input or data from FortiGate (often managed by FortiManager), it does not require FortiManager to be part of its setup.
Option B: It runs as a docker container on FortiAnalyzer
This is incorrect. FortiSOAR does not run as a container within FortiAnalyzer. It requires its own dedicated environment, either as a physical device or a virtual machine, due to the resource requirements and specialized functions it performs.
Option C: It requires a dedicated FortiSOAR device or VM
This is correct. FortiSOAR is deployed as a standalone device or VM, which enables it to handle the intensive processing needed for orchestrating security operations, integrating with third-party tools, and automating responses across an organization's security infrastructure.
Option D: It does not include a limited trial by default
This is incorrect. FortiSOAR installations may come with trial options or demos in specific scenarios, especially for evaluation purposes. This depends on licensing and deployment policies.
Let's examine each option to determine the correct answer:
Option A: It requires a FortiManager configured to manage FortiGate
This is incorrect. FortiSOAR operates independently of FortiManager. While FortiSOAR can receive input or data from FortiGate (often managed by FortiManager), it does not require FortiManager to be part of its setup.
Option B: It runs as a docker container on FortiAnalyzer
This is incorrect. FortiSOAR does not run as a container within FortiAnalyzer. It requires its own dedicated environment, either as a physical device or a virtual machine, due to the resource requirements and specialized functions it performs.
Option C: It requires a dedicated FortiSOAR device or VM
This is correct. FortiSOAR is deployed as a standalone device or VM, which enables it to handle the intensive processing needed for orchestrating security operations, integrating with third-party tools, and automating responses across an organization's security infrastructure.
Option D: It does not include a limited trial by default
This is incorrect. FortiSOAR installations may come with trial options or demos in specific scenarios, especially for evaluation purposes. This depends on licensing and deployment policies.
FCP_FAZ_AN-7.4-JPN 試験問題 25
FortiAnalyzer のアーカイブ ログについて説明している文はどれですか。
正解: C
In FortiAnalyzer, archive logs refer to logs that have been compressed and stored to save space. This process involves compressing the raw log files into the .gz format, which is a common compression format used in Fortinet systems for archived data. Archiving is essential in FortiAnalyzer to optimize storage and manage long-term retention of logs without impacting performance.
Let's examine each option for clarity:
Option A: Logs that are indexed and stored in the SQL database
This is incorrect. While some logs are indexed and stored in an SQL database for quick access and searchability, these are not classified as archive logs. Archived logs are typically moved out of the database and compressed.
Option B: Logs a FortiAnalyzer administrator can access in FortiView
This is incorrect because FortiView primarily accesses logs that are active and indexed, not archived logs. Archived logs are stored for long-term retention but are not readily available for immediate analysis in FortiView.
Option C: Logs compressed and saved in files with the .gz extension
This is correct. Archive logs on FortiAnalyzer are stored in compressed .gz files to reduce space usage. This archived format is used for logs that are no longer immediately needed in the SQL database but are retained for historical or compliance purposes.
Option D: Logs previously collected from devices that are offline
This is incorrect. Although archived logs may include data from devices that are no longer online, this is not a defining characteristic of archive logs.
Let's examine each option for clarity:
Option A: Logs that are indexed and stored in the SQL database
This is incorrect. While some logs are indexed and stored in an SQL database for quick access and searchability, these are not classified as archive logs. Archived logs are typically moved out of the database and compressed.
Option B: Logs a FortiAnalyzer administrator can access in FortiView
This is incorrect because FortiView primarily accesses logs that are active and indexed, not archived logs. Archived logs are stored for long-term retention but are not readily available for immediate analysis in FortiView.
Option C: Logs compressed and saved in files with the .gz extension
This is correct. Archive logs on FortiAnalyzer are stored in compressed .gz files to reduce space usage. This archived format is used for logs that are no longer immediately needed in the SQL database but are retained for historical or compliance purposes.
Option D: Logs previously collected from devices that are offline
This is incorrect. Although archived logs may include data from devices that are no longer online, this is not a defining characteristic of archive logs.
- 最新アップロード
- 104Oracle.1z0-1057-25.v2026-06-04.q45
- 104Amazon.AWS-Certified-Developer-Associate.v2026-06-04.q323
- 106Fortinet.FCSS_SDW_AR-7.4.v2026-06-04.q76
- 131SAP.C_THR88_2505.v2026-06-03.q76
- 149WGU.Web-Development-Applications.v2026-06-03.q73
- 134Salesforce.Mule-Dev-301.v2026-06-02.q22
- 181CISI.IFC.v2026-06-02.q111
- 194Huawei.H13-611_V5.0.v2026-06-01.q113
- 226Cisco.200-201.v2026-06-01.q230
- 184Huawei.H35-211_V2.5.v2026-06-01.q109