FCP_FAZ_AN-7.6 Practice Questions

When a generated report does not include the expected information despite the logs being present, there are several factors to check to ensure accurate datarepresentation in the report.

Option A - Check the Time Frame Covered by the Report:

Reports are generated based on a specified time frame. If the time frame does not encompass the period when the relevant logs were collected, those logs will not appear in the report. Ensuring the time frame is correctly set to cover the intended logs is crucial for accurate report content.

Conclusion:Correct.

Option B - Disable Auto-Cache:

Auto-cache is a feature in FortiAnalyzer that helps optimize report generation by using cached data for frequently used datasets. Disabling auto-cache is generally not necessary unless there is an issue with outdated data being used. In most cases, it does not directly impact whether certain logs are included in a report.

Conclusion:Incorrect.

Option C - Increase the Report Utilization Quota:

The report utilization quota controls the resource limits for generating reports. While insufficient quota might prevent a report from generating or completing, it does not typically cause specific log entries to be missing. Therefore, this option is not directly relevant to missing data within the report.

Conclusion:Incorrect.

Option D - Test the Dataset:

Datasets in FortiAnalyzer define which logs and fields are pulled into the report. If a dataset is misconfigured, it could exclude certain logs. Testing the dataset helps verify that the correct data is being pulled and that all required logs are included in the report parameters.

Conclusion:Correct.

Conclusion:

Correct Answer:

A.  

Check the time frame covered by the reportand

D.  

Test the dataset.

These actions directly address the issues that could cause missing information in a report when logs are available but not displayed.

Comprehensive and Detailed Explanation From Exact Extract of knowledge of FortiAnalyzer 7.6 Study guide documents:

The FortiAnalyzer study guide explains that IOC identification is performed by comparing relevant log fields against the FortiGuard threat database. Specifically, it states:“Depending on the log type, FortiAnalyzer identifies possible compromised hosts by checking the threat database against the log's IP address, domain, and URL.”

From this extract, two of the explicit parameters FortiAnalyzer uses for IOC detection areIP addressandURL(both listed verbatim). Policy ID and application category are not part of the IOC matching parameters described for threat-database checks in this context.

This is further consistent with the study guide’s definition of indicator types, which states:“There are three types of indicators: IP addresses, URLs, and domains.”