You finished registering a FortiGate device. After traffic starts to flow through FortiGate. you notice that only some of the logs expected are being received on FortiAnalyzer.
What could be the reason for the logs not arriving on FortiAnalyzer?

1. A. FortiGate does not have logging configured correctly.
2. B. This FortiGate model is not fully supported.
3. C. This FortiGate is part of an HA cluster but it is the secondary device.
4. D. FortiGate was added to the wrong ADOM type.

Correct Answer: A
When only some of the expected logs from a FortiGate device are being received on FortiAnalyzer, it often indicates a configuration issue on the FortiGate side. Proper logging configuration on FortiGate involves specifying what types of logs to generate (e.g., traffic, event, security logs) and ensuring that these logs are directed to the FortiAnalyzer unit for storage and analysis. If the logging settings on FortiGate are not correctly configured, it could result in incomplete log data being sent to FortiAnalyzer. This might include missing logs for certain types of traffic or events that are not enabled for logging on the FortiGate device. Ensuring comprehensive logging is enabled and correctly directed to FortiAnalyzer is crucial for full visibility into network activities and for the effective analysis and reporting of security incidents and network performance.

Which two of the available registration methods place the device automatically in its assigned ADOM? (Choose two.)

1. A. Request from the device
2. B. Serial number
3. C. Fabric Authorization
4. D. Pre-shared key

Correct Answer: BC
The registration methods that automatically place a device in its assigned ADOM are using the serial number and fabric authorization. When devices are added to FortiAnalyzer using these methods, they are automatically placed in the appropriate ADOM, which could be a default ADOM based on the device type or a predefined ADOM based on the serial number or fabric authorization. This simplifies the management of devices and their logs by organizing them into their respective ADOMs from the moment they are registered. Reference: FortiAnalyzer 7.4.1 Administration Guide, 'Default device type ADOMs' and 'Assigning devices to an ADOM' sections.

What is true about FortiAnalyzer reports?

1. A. When you enable auto-cache, reports are scheduled by default.
2. B. Reports can be saved in a CSV format.
3. C. You require an output profile before reports are generated.
4. D. The reports from one ADOM are available for all ADOMs.

Correct Answer: C
For FortiAnalyzer reports, an output profile must be configured before reports can be generated and sent to an external server or system. This output profile determines how the reports are distributed, whether by email, uploaded to a server, or any other supported method. The options such as auto-cache, saving reports in CSV format, or reports availability across different ADOMs are separate features/settings and not directly related to the requirement of having an output profile for report generation.

Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate on FortiAnalyzer with any user account in a single LDAP group? (Choose two.)

1. A. LDAP servers IP addresses added as trusted hosts
2. B. One or more remote LDAP servers
3. C. A local wildcard administrator account
4. D. An administrator group

Correct Answer: BD
To allow non-local administrators to authenticate on FortiAnalyzer with any user account in a single LDAP group, you must configure one or more remote LDAP servers and an administrator group. First, you configure the LDAP server(s) by specifying the server name, IP, and other details such as the Common Name Identifier and Distinguished Name. Then, you add the LDAP server to a user group. Finally, you create an administrator account that uses this user group for authentication, allowing any user from the specified LDAP group to authenticate.References:FortiAnalyzer 7.2 Administrator Guide, "Configuring remote authentication for administrators using LDAP" section.

An administrator, fortinet, can view logs and perform device management tasks, such as adding and removing registered devices.
However, administrator fortinet is not able to create a mail server that can be used to send alert emails.
What can be the problem?

1. A. ADOM mode is configured with Advanced mode.
2. B. fortinet is assigned the Standard_User administrative profile.
3. C. A trusted host is configured.
4. D. fortinet is assigned Restricted_User administrative profile.

Correct Answer: B
If the administrator 'fortinet' can view logs and perform device management tasks but cannot create a mail server for alert emails, it is likely due to the administrative profile assigned to them. The Standard_User administrative profile may restrict certain administrative functions, such as creating mail servers. To perform all administrative tasks, including creating mail servers, a higher privilege profile, such as Super_Admin, might be required. Reference: FortiAnalyzer 7.2 Administrator Guide, 'Mail Server' section.