[2026年06月19日]FCP_FAZ_AN-7.4日本語試験問題集PDF正確率保証と更新された問題
合格させるFCP_FAZ_AN-7.4日本語試験にはリアルテストエンジンPDFには58問題あります
質問 # 10
コマンド diagnose sql status sqlreportd を実行する目的は何ですか?
- A. 現在実行中のSQLプロセスを一覧表示する
- B. データベースログの挿入ステータスを識別する
- C. SQLクエリの接続とhcacheのステータスを表示します。
- D. スケジュールされたレポートのリストを表示するには
正解:C
質問 # 11
プレイブックには合計5つのタスクが含まれています。管理者がプレイブックを実行すると、5つのタスクのうち4つは正常に完了しましたが、1つのタスクは失敗しました。
プレイブックを実行した後のステータスはどうなりますか?
- A. 失敗
- B. アップストリームが失敗しました
- C. 注意が必要です
- D. 成功
正解:C
解説:
In FortiAnalyzer, when a playbook is run, each task's status impacts the overall playbook status. Here's what happens based on task outcomes:
Status When All Tasks Succeed:
If all tasks finish successfully, the playbook status is marked as Success.
Status When Some Tasks Fail:
If one or more tasks in the playbook fail, but others succeed, the playbook status generally changes to Attention required. This status indicates that the playbook completed execution but requires review due to one or more tasks failing.
This is different from a complete Failed status, which is used if the playbook cannot proceed due to a critical error in an early task, often one that upstream tasks depend on.
Option Analysis:
A . Attention required: This is correct as the playbook has completed, but with partial success and a task requiring review.
B . Upstream_failed: This status is used if a task cannot run because a prerequisite or "upstream" task failed. Since four out of five tasks completed, this is not the case here.
C . Failed: This status would imply that the playbook completely failed, which does not match the scenario where only one task out of five failed.
D . Success: This status would apply if all tasks had completed successfully, which is not the case here.
Conclusion:
Correct Answe r : A. Attention required
The playbook status reflects that it completed, but an error occurred in one of the tasks, prompting the administrator to review the failed task.
Reference:
FortiAnalyzer 7.4.1 documentation on playbook execution statuses and task error handling.
質問 # 12
プレイブックの実行に関する次の記述のうち正しいものはどれですか? (2 つ選択してください)
- A. プレイブックモニターはトラブルシューティングログを提供します
- B. FortiAnalyzerは失敗したプレイブックによって行われた変更をコミットしません
- C. デフォルトのデバッグ プレイブックを <un> して、プレイブックのエラーを調査できます。
正解:A、B
解説:
O Even I the playbook status is Failed, individual tasks may have succeeded.
質問 # 13
展示する。
アナリストは何を作成しようとしているのでしょうか?
- A. アナリストは、プレイブックで使用するトリガー変数を作成しようとしています。
- B. アナリストはプレイブックで SOC レポートを作成しようとしています。
- C. アナリストはプレイブックにレポートを作成しようとしています。
- D. アナリストは、プレイブックで使用する出力変数を作成しようとしています。
正解:D
解説:
In the exhibit, the playbook configuration shows the analyst working with the "Attach Data" action within a playbook. Here's a breakdown of key aspects:
Incident ID: This field is linked to the "Playbook Starter," which indicates that the playbook will attach data to an existing incident.
Attachment: The analyst is configuring an attachment by selecting Run_REPORT with a placeholder ID for report_uuid. This suggests that the report's UUID will dynamically populate as part of the playbook execution.
Analysis of Options:
Option A - Creating a Trigger Variable:
A trigger variable would typically be set up in the playbook starter or initiation configuration, not within the "Attach Data" action. The setup here does not indicate a trigger, as it's focusing on data attachment.
Conclusion: Incorrect.
Option B - Creating an Output Variable:
The field Attachment with a report_uuid placeholder suggests that the analyst is defining an output variable that will store the report data or ID, allowing it to be attached to the incident. This variable can then be referenced or passed within the playbook for further actions or reporting.
Conclusion: Correct.
Option C - Creating a Report in the Playbook:
While Run_REPORT is selected, it appears to be an attachment action rather than a report generation task. The purpose here is to attach an existing or dynamically generated report to an incident, not to create the report itself.
Conclusion: Incorrect.
Option D - Creating a SOC Report:
Similarly, this configuration is focused on attaching data, not specifically generating a SOC report. SOC reports are generally predefined and generated outside the playbook.
Conclusion: Incorrect.
Conclusion:
Correct Answe r : B. The analyst is trying to create an output variable to be used in the playbook.
The setup allows the playbook to dynamically assign the report_uuid as an output variable, which can then be used in further actions within the playbook.
Reference:
FortiAnalyzer 7.4.1 documentation on playbook configurations, output variables, and data attachment functionalities.
質問 # 14
FortiAnalyzer レポートで自動キャッシュを有効にすると、どのような 2 つの効果がありますか? (2 つ選択してください。)
- A. 新しいログが受信されると、ハードキャッシュ データが自動的に更新されます。
- B. レポートの生成時間が短縮されます。
- C. 新しく生成されるレポートのサイズは、ディスク領域を節約するために最適化されます。
- D. 生成されたレポートを保存するには、FortiAnalyzer ローカル キャッシュが使用されます。
正解:B、D
解説:
Enabling auto-cache in FortiAnalyzer reports is designed to improve the efficiency and speed of report generation by leveraging cached data. Let's analyze each option to determine which effects are correct.
* Option A - The Generation Time for Reports is Decreased:
* When auto-cache is enabled, FortiAnalyzer can use previously cached data instead of reprocessing all log data from scratch each time a report is generated. This results in faster report generation times, especially for recurring reports that use similar datasets.
* Conclusion: Correct.
* Option B - Hard-Cache Data is Automatically Updated When New Logs are Received:
* Enabling auto-cache does not immediately update the cache with every new log received. Instead, the cache is updated when reports are generated, based on the existing logs up to that point.
Therefore, auto-cache does not constantly refresh with each incoming log, which would be inefficient.
* Conclusion: Incorrect.
* Option C - FortiAnalyzer Local Cache is Used to Store Generated Reports:
* Auto-cache utilizes FortiAnalyzer's local cache to store data used in reports, reducing the need to retrieve and process logs repeatedly. This cached data can be reused for subsequent report generation, enhancing performance.
* Conclusion: Correct.
* Option D - The Size of Newly Generated Reports is Optimized to Conserve Disk Space:
* Auto-cache does not directly impact the size of the report files themselves. It focuses on performance optimization through cached data for faster access, but it does not compress or optimize the storage size of the generated report.
* Conclusion: Incorrect.
Conclusion:
* Correct answer: A. The generation time for reports is decreased and C. FortiAnalyzer local cache is used to store generated reports.
* Enabling auto-cache helps reduce report generation time by using locally cached data and optimizes report processing, though it does not impact report size or continuously update with each new log.
References:
FortiAnalyzer 7.4.1 documentation on report caching, auto-cache functionality, and report generation optimizations.
質問 # 15
FortiAnalyzer でデータベースにクエリを実行する場合、どの SQL クエリが正しい順序ですか?
- A. $log から devid 'user',, USER1' を GROUP BY devid で選択
- B. $log から devid を選択し、 'user' = ' GROUP BY devid
- C. SELECT DEVID WHERE 'user'-' USER1' FROM $log GROUP By DEVID
- D. $log から devid を選択し、 GROUP BY devid WHERE 'user',,' users1' を指定します。
正解:B
解説:
In FortiAnalyzer's SQL query syntax, the typical order for querying the database follows the standard SQL format, which is:
SELECT <column(s)> FROM <table> WHERE <condition(s)> GROUP BY <column(s)> Option D correctly follows this structure:
SELECT devid FROM $log: This specifies that the query is selecting the devid column from the $log table.
WHERE 'user' = ': This part of the query is intended to filter results based on a condition involving the user column. Although there appears to be a minor typographical issue (possibly missing the user value after =), it structurally adheres to the correct SQL order.
GROUP BY devid: This groups the results by devid, which is correctly positioned at the end of the query.
Let's briefly examine why the other options are incorrect:
Option A: SELECT devid FROM $log GROUP BY devid WHERE 'user', 'users1'
This is incorrect because the GROUP BY clause appears before the WHERE clause, which is out of order in SQL syntax.
Option B: SELECT FROM $log WHERE devid 'user', USER1' GROUP BY devid
This is incorrect because it lacks a column in the SELECT statement and the WHERE clause syntax is malformed.
Option C: SELCT devid WHERE 'user' - 'USER1' FROM $log GROUP BY devid
This is incorrect because the SELECT keyword is misspelled as SELCT, and the WHERE condition syntax is invalid.
質問 # 16
構成されたイベント ハンドラーに一致するイベントが発生したときに通知を送信するには、どの 2 つの方法を使用できますか? (2 つ選択してください)。
- A. SNMPトラップを送信する
- B. SMS通知を送信する
- C. FortiSIEM MEA経由でアラートを送信
- D. ファブリックコネクタを介してアラートを送信する
正解:A、B
解説:
In FortiAnalyzer, event handlers can be configured to trigger specific notifications when an event matches defined criteria. These notifications are designed to alert administrators in real time about critical events.
* Option B - Send SNMP Trap:
* FortiAnalyzer supports sending SNMP traps as one of the notification methods when an event matches an event handler. This allows integration with SNMP-enabled network management systems, which can then trigger further alerts or actions based on the trap received.
* Conclusion: Correct.
* Option C - Send SMS Notification:
* FortiAnalyzer also supports SMS notifications, enabling alerts to be sent via SMS to predefined recipients. This method is useful for administrators who require immediate alerts but may not have access to email or other notification systems at all times.
* Conclusion: Correct.
* Option A - Send Alert through Fabric Connectors:
* While Fabric Connectors allow FortiAnalyzer to interact with other parts of the Security Fabric, they are primarily used for data sharing and automation rather than directly for sending alerts or notifications.
* Conclusion: Incorrect.
* Option D - Send Alert through FortiSIEM MEA:
* FortiSIEM integration allows for data sharing and further analysis within the Fortinet ecosystem, but it does not directly act as a notification method from FortiAnalyzer itself.
* Conclusion: Incorrect.
Conclusion:
* Correct answer: B. Send SNMP trap and C. Send SMS notification
* These options represent valid notification methods for FortiAnalyzer's event handler configuration.
References:
FortiAnalyzer 7.4.1 documentation on event handler configuration and available notification methods.
質問 # 17
展示する。
表示されたイベントに関するどの記述が正しいですか?
- A. リスク源は分離されています。
- B. このイベントからインシデントが作成されました。
- C. セキュリティ イベントのリスクは未解決であると見なされます。
- D. セキュリティ リスクはブロックまたはドロップされました。
正解:C
質問 # 18
どのログが Contained ステータスのイベントを生成しますか?
- A. action=blocked の AppControl ログ。
- B. アクションが隔離された AV ログ。
- C. action=pass の IPS ログ。
- D. WebFilter ログは action=dropped になります。
正解:B
質問 # 19
生成されたレポートに、期待していた情報が含まれていないことに気づきました。ただし、ログは存在することを確認しました。
実行すべきアクションを 2 つ選択してください。
- A. データセットをテストします。
- B. レポート使用率の割り当てを増やします。
- C. 自動キャッシュを無効にします。
- D. レポートの対象となる時間枠を確認します。
正解:A、D
解説:
When a generated report does not include the expected information despite the logs being present, there are several factors to check to ensure accurate data representation in the report.
Option A - Check the Time Frame Covered by the Report:
Reports are generated based on a specified time frame. If the time frame does not encompass the period when the relevant logs were collected, those logs will not appear in the report. Ensuring the time frame is correctly set to cover the intended logs is crucial for accurate report content.
Conclusion: Correct.
Option B - Disable Auto-Cache:
Auto-cache is a feature in FortiAnalyzer that helps optimize report generation by using cached data for frequently used datasets. Disabling auto-cache is generally not necessary unless there is an issue with outdated data being used. In most cases, it does not directly impact whether certain logs are included in a report.
Conclusion: Incorrect.
Option C - Increase the Report Utilization Quota:
The report utilization quota controls the resource limits for generating reports. While insufficient quota might prevent a report from generating or completing, it does not typically cause specific log entries to be missing. Therefore, this option is not directly relevant to missing data within the report.
Conclusion: Incorrect.
Option D - Test the Dataset:
Datasets in FortiAnalyzer define which logs and fields are pulled into the report. If a dataset is misconfigured, it could exclude certain logs. Testing the dataset helps verify that the correct data is being pulled and that all required logs are included in the report parameters.
Conclusion: Correct.
Conclusion:
Correct Answe r : A. Check the time frame covered by the report and D. Test the dataset.
These actions directly address the issues that could cause missing information in a report when logs are available but not displayed.
Reference:
FortiAnalyzer 7.4.1 documentation on report generation settings, time frames, and dataset configuration.
質問 # 20
別紙参照:
21:20 のデータポイントは何を示していますか?
- A. FortiAnalyzer は、ログの受信よりも速くログのインデックスを作成しています。
- B. fortilogd デーモンは 1 ログ分インデックスを先行しています。
- C. FortiAnalyzer は受信したログを一時的にバッファリングしているので、古いログからインデックスを作成できます。
- D. 受信遅延が大きいため、SQL データベースの再構築が必要です。
正解:A
解説:
The exhibit shows a graph that tracks two metrics over time: Receive Rate and Insert Rate. These two rates are crucial for understanding the log processing behavior in FortiAnalyzer.
Understanding Receive Rate and Insert Rate:
Receive Rate: This is the rate at which FortiAnalyzer is receiving logs from connected devices.
Insert Rate: This is the rate at which FortiAnalyzer is indexing (inserting) logs into its database for storage and analysis.
Data Point at 21:20:
At 21:20, the Insert Rate line is above the Receive Rate line, indicating that FortiAnalyzer is inserting logs into its database at a faster rate than it is receiving them. This situation suggests that FortiAnalyzer is able to keep up with the incoming logs and is possibly processing a backlog or temporarily received logs faster than new logs are coming in.
Option Analysis:
Option A - FortiAnalyzer is Indexing Logs Faster Than Logs are Being Received: This accurately describes the scenario at 21:20, where the Insert Rate exceeds the Receive Rate. This indicates that FortiAnalyzer is handling logs efficiently at that moment, with no backlog in processing.
Option B - The fortilogd Daemon is Ahead in Indexing by One Log: The data does not provide specific information about the fortilogd daemon's log count, only the rates. This option is incorrect.
Option C - SQL Database Requires a Rebuild: High receive lag would imply a backlog in receiving and indexing logs, typically visible if the Receive Rate were significantly above the Insert Rate, which is not the case here.
Option D - FortiAnalyzer is Temporarily Buffering Logs to Index Older Logs First: There is no indication of buffering in this scenario. Buffering would usually occur if the Receive Rate were higher than the Insert Rate, indicating that FortiAnalyzer is storing logs temporarily due to indexing lag.
Conclusion:
Correct Answe r : A. FortiAnalyzer is indexing logs faster than logs are being received.
The graph at 21:20 shows a higher Insert Rate than Receive Rate, indicating efficient log processing by FortiAnalyzer.
Reference:
FortiAnalyzer 7.4.1 documentation on log processing metrics, Receive Rate, and Insert Rate indicators.
質問 # 21
プレイブック エディターでレポートを実行するタスクを構成しようとしています。
ただし、目的のプレイブックを選択しようとすると、そのプレイブックがリストに表示されません。
理由は何ですか?
- A. プレイブックは現在実行中であり、終了後に利用可能になります。
- B. レポートには結果がないので、再構成する必要があります。
- C. レポートでは自動キャッシュと拡張ログ フィルタリングが有効になっていません。
- D. 最初にレポートを実行するためのトリガーを作成する必要があります。
正解:C
質問 # 22
展示する。
この出力から何を結論づけることができますか?
- A. 隔離ファイルに割り当てられたディスク クォータがありません。
- B. ADOM1 に割り当てられたディスク容量は 3 GB です。
- C. アーカイブ ログは分析ログよりも多くのスペースを使用しています。
- D. FGT_B は、セキュリティ ファブリックのルートです。
正解:D
質問 # 23
テンプレートとレポートの違いを正しく説明している記述はどれですか?
- A. テンプレートはデバイスグループにマッピングされます。レポートはADOMにマッピングされます。
- B. テンプレートは複製できますが、レポートは複製できません。
- C. レポートはテンプレートよりも多くの設定オプションを提供します
- D. レポートはマクロをサポートしますが、テンプレートはサポートしません。
正解:A
質問 # 24
展示する。
Laptop1は、複数の管理者がFotiAnalyzerを管理するために使用しています。「admin」以外のユーザーによって生成された、Laptop1からのWebインターフェースへのすべてのログイン試行に一致する汎用テキストフィルターを設定したいと考えています。
どのフィルターが望ましい結果を達成しますか?
- A. 操作 - ログイン、実行先 == ''GUI(10.1.1.100)'、ユーザー = admin
- B. 操作ログイン、実行先==''GU (10.1.1.120)'、ユーザー!=admin
- C. 操作-ログイン、dstip==10.1.1.210、ユーザー!-admin
- D. 操作ログイン、srcip== 10.1.1.100、dstip==10.1.1.1.210、user==admin
正解:A
解説:
The objective is to create a filter that identifies all login attempts to the FortiAnalyzer web interface (GUI) coming from Laptop1 (IP 10.1.1.100) and excludes the admin user. This filter should match any user other than admin.
* Filter Components Analysis:
* Operation-login: This portion of the filter will target login actions specifically, which is correct for filtering login attempts.
* performed_on==''GUI(10.1.1.100)': This indicates that the login attempt must occur on the GUI interface and originate from the specified IP, which matches Laptop1's IP address (10.1.1.100). This ensures that the filter only matches GUI logins from this specific device.
* user!=admin: This part excludes logins by the admin user, meeting the requirement to capture only non-admin users.
* Option Analysis:
* Option A: Correctly specifies the Operation-login, performed_on==''GUI(10.1.1.100)', and user!=admin. This setup effectively filters login attempts to the GUI from Laptop1, excluding the admin user.
* Option B: Uses the incorrect IP 10.1.1.120 in the performed_on filter, which does not match Laptop1's IP (10.1.1.100).
* Option C: This option includes srcip==10.1.1.100 and dstip==10.1.1.210 but incorrectly specifies user==admin instead of user!=admin, which does not match the requirement to exclude admin users.
* Option D: This option does not specify the performed_on field to restrict it to the GUI and only includes dstip (destination IP) without srcip. It also incorrectly uses user!-admin instead of the correct syntax user!=admin.
Conclusion:
* Correct answer: A. Operation-login and performed_on==''GUI(10.1.1.100)' and user!=admin
* This filter precisely captures the required conditions: login attempts from Laptop1 to the GUI interface by any user except admin.
References:
FortiAnalyzer 7.4.1 documentation on log filters, syntax for login operations, and GUI login tracking.
質問 # 25
インシデントの更新を通知する送信に関する正しい記述はどれですか?
- A. インシデントが更新または削除された場合にのみ通知を送信できます。
- B. 通知は電子メールでのみ送信できます。
- C. 複数の外部プラットフォームに通知を送信できます。
- D. 複数のファブリック コネクタを使用する場合は、すべてのコネクタの設定が同じである必要があります。
正解:C
解説:
In FortiOS and FortiAnalyzer, incident notifications can be sent to multiple external platforms, not limited to a single method such as email. Fortinet's security fabric and integration capabilities allow notifications to be sent through various fabric connectors and third-party integrations. This flexibility is designed to ensure that incident updates reach relevant personnel or systems using preferred communication channels, such as email, Syslog, SNMP, or integration with SIEM platforms.
Let's review each answer option for clarity:
* Option A: You can send notifications to multiple external platforms
* This is correct. Fortinet's notification system is capable of sending updates to multiple platforms, thanks to its support for fabric connectors and external integrations. This includes options such as email, Syslog, SNMP, and others based on configured connectors.
* Option B: Notifications can be sent only by email
* This is incorrect. Although email is a common method, FortiOS and FortiAnalyzer support multiple notification methods through various connectors, allowing notifications to be directed to different platforms as per the organization's setup.
* Option C: If you use multiple fabric connectors, all connectors must have the same settings
* This is incorrect. Each fabric connector can have its unique configuration, allowing different connectors to be tailored for specific notification and integration requirements.
* Option D: Notifications can be sent only when an incident is updated or deleted
* This is incorrect. Notifications can be sent upon the creation of incidents, as well as upon updates or deletion, depending on the configuration.
* According to FortiOS and FortiAnalyzer 7.4.1 documentation, notifications for incidents can be configured across various platforms by using multiple connectors, and they are not limited to email alone. This capability is part of the Fortinet Security Fabric, allowing for a broad range of integrations with external systems and platforms for effective incident response.
質問 # 26
展示する。
12:20 のデータポイントは何を示していますか?
- A. FortiAnalyzer はログの削除を避けるためにキャッシュを使用しています。
- B. FortiAnalyzer のパフォーマンスがベースラインを下回っています。
- C. sqiplugind サービスはログに追いつきました
- D. ログ挿入ログ時間が増加しています。
正解:D
質問 # 27
FortiAnlyzer でインシデントを管理する場合、アナリストはどのような点に注意する必要がありますか?
- A. 生成されたレポートを手動でインシデントに添付できます。
- B. 重大度レベルが「高」と評価されたインシデントの初期サービス レベル アグリーメント (SLA) 応答時間は 1 時間です。
- C. インシデントのステータスは常に添付イベントのステータスにリンクされます。
- D. インシデントを分析する前に確認する必要があります。
正解:A
解説:
In FortiAnalyzer's incident management system, analysts have the option to manually manage incidents, which includes attaching relevant reports to an incident for further investigation and documentation. This feature allows analysts to consolidate information, such as detailed reports on suspicious activity, into an incident record, providing a comprehensive view for incident response.
Let's review the other options to clarify why they are incorrect:
Option A: You can manually attach generated reports to incidents
This is correct. FortiAnalyzer allows analysts to manually attach reports to incidents, which is beneficial for providing additional context, evidence, or analysis related to the incident. This functionality is part of the incident management process and helps streamline information for tracking and resolution.
Option B: The status of the incident is always linked to the status of the attached event This is incorrect. The status of an incident on FortiAnalyzer is managed independently of the status of any attached events. An incident can contain multiple events, each with different statuses, but the incident itself is tracked separately.
Option C: Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour This is incorrect. While incidents have severity levels, specific SLA response times are typically set according to the organization's incident response policy, and FortiAnalyzer does not impose a default SLA response time of 1 hour for high-severity incidents.
Option D: Incidents must be acknowledged before they can be analyzed
This is incorrect. Incidents on FortiAnalyzer can be analyzed even if they are not yet acknowledged. Acknowledging an incident is often part of the workflow to mark it as being actively addressed, but it is not a prerequisite for analysis.
質問 # 28
いくつかのレポートの生成に時間がかかっていることがわかりました。トラブルシューティングには、どの2つの手順を実行すればよいですか?(2つ選択してください。)
- A. レポート診断を確認する
- B. 自動キャッシュを有効にしてレポートを再度実行します
- C. ADOMレポートのクォータを増やす
- D. hcacheから古いレポートを削除します
正解:B、D
質問 # 29
プレイブックトリガー変数の目的は何ですか?
- A. プレイブックの実行時間に関する統計情報を表示します
- B. トリガーからの情報を使用してタスク内のアクションをフィルタリングします
- C. プレイブックの実行を開始するためのトリガー情報を提供する
- D. On_Scheduleトリガーでプレイブックの開始時刻を保存します
正解:A
質問 # 30
FortiAnlyzer でインシデントを管理する場合、アナリストはどのような点に注意する必要がありますか?
- A. 生成されたレポートを手動でインシデントに添付できます。
- B. 重大度レベルが「高」と評価されたインシデントの初期サービス レベル アグリーメント (SLA) 応答時間は 1 時間です。
- C. インシデントのステータスは常に添付イベントのステータスにリンクされます。
- D. インシデントを分析する前に確認する必要があります。
正解:A
解説:
In FortiAnalyzer's incident management system, analysts have the option to manually manage incidents, which includes attaching relevant reports to an incident for further investigation and documentation. This feature allows analysts to consolidate information, such as detailed reports on suspicious activity, into an incident record, providing a comprehensive view for incident response.
Let's review the other options to clarify why they are incorrect:
* Option A: You can manually attach generated reports to incidents
* This is correct. FortiAnalyzer allows analysts to manually attach reports to incidents, which is beneficial for providing additional context, evidence, or analysis related to the incident. This functionality is part of the incident management process and helps streamline information for tracking and resolution.
* Option B: The status of the incident is always linked to the status of the attached event
* This is incorrect. The status of an incident on FortiAnalyzer is managed independently of the status of any attached events. An incident can contain multiple events, each with different statuses, but the incident itself is tracked separately.
* Option C: Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour
* This is incorrect. While incidents have severity levels, specific SLA response times are typically set according to the organization's incident response policy, and FortiAnalyzer does not impose a default SLA response time of 1 hour for high-severity incidents.
* Option D: Incidents must be acknowledged before they can be analyzed
* This is incorrect. Incidents on FortiAnalyzer can be analyzed even if they are not yet acknowledged. Acknowledging an incident is often part of the workflow to mark it as being actively addressed, but it is not a prerequisite for analysis.
8 According to FortiAnalyzer documentation, analysts can attach reports to incidents manually, making option A correct. This feature enables better tracking and documentation within the incident management system on FortiAnalyzer.
質問 # 31
......
最新をゲットせよ!FCP_FAZ_AN-7.4日本語認定練習テスト問題試験問題集:https://jp.fast2test.com/FCP_FAZ_AN-7.4-JPN-premium-file.html