Which two statements are true regarding the outbreak detection service? (Choose two.)
A. New alerts are received by email.
B. Outbreak alerts are available on the root ADOM only.
C. An additional license is required.
D. It automatically downloads new event handlers and reports.
A playbook contains five tasks in total. An administrator runs the playbook and four out of five tasks finish successfully, but one task fails. What will be the status of the playbook after it is run?
A. Running
B. Failed
C. Upstream_failed
D. Success
Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)
A. Mail server
B. Output profile
C. SFTP server
D. Report scheduling
Which statement about the communication between FortiGate high availability (HA) clusters and FortiAnalyzer is true?
A. If devices were registered to FortiAnalyzer before forming a cluster, you can manually add them together.
B. FortiAnalyzer distinguishes each cluster member by the IP addresses in log message headers.
C. If the HA primary device becomes unavailable, you must remove it from the HA cluster list on FortiAnalyzer.
D. The FortiGate HA cluster must be in active-passive mode in order to avoid conflict.
A rogue administrator was accessing FortiAnalyzer without permission, and you are tasked to see what activity was performed by that rogue administrator on FortiAnalyzer. What can you do on FortiAnalyzer to accomplish this?
A. Click FortiView and generate a report for that administrator.
B. Click Task Monitor and view the tasks performed by that administrator.
C. Click Log View and generate a report for that administrator.
D. View the tasks performed by the rogue administrator in Fabric View.
Which item must you configure on FortiAnalyzer to email generated reports automatically?
A. Output profile
B. Report scheduling
C. SFTP server
D. SNMP server
Which statement about the FortiSIEM management extension is correct?
A. Allows you to manage the entire life cycle of a threat or breach.
B. Its use of the available disk space is capped at 50%.
C. It requires a licensed FortiSIEM supervisor.
D. It can be installed as a dedicated VM.
Which two statements express the advantages of grouping similar reports? (Choose two.)
A. Improve report completion time.
B. Conserve disk space on FortiAnalyzer by grouping multiple similar reports.
C. Reduce the number of hcache tables and improve auto-hcache completion time.
D. Provides a better summary of reports.
What are the operating modes of FortiAnalyzer? (Choose two.)
A. Standalone
B. Manager
C. Analyzer
D. Collector
On FortiAnalyzer, what is a wildcard administrator account?
A. An account that permits access to members of an LDAP group
B. An account that allows guest access with read-only privileges
C. An account that requires two-factor authentication
D. An account that validates against any user account on a FortiAuthenticator
By default, what happens when a log file reaches its maximum file size?
A. FortiAnalyzer overwrites the log files.
B. FortiAnalyzer stops logging.
C. FortiAnalyzer rolls the active log by renaming the file.
D. FortiAnalyzer forwards logs to syslog.
If a hard disk fails on a FortiAnalyzer that supports software RAID, what should you do to bring the FortiAnalyzer back to functioning normally, without losing data?
A. Hot swap the disk
B. Replace the disk and rebuild the RAID manually
C. Take no action if the RAID level supports a failed disk
D. Shut down FortiAnalyzer and replace the disk