If the primary FortiAnalyzer in an HA cluster fails, how is the new primary elected?
Correct Answer:D
In the case of a primary device failure, FortiAnalyzer HA uses the following rules to select a new primary:
• All cluster devices are assigned a priority from 80 to 120. The default priority is 100. If the primary device becomes unavailable, the device with the highest priority is selected as the new primary device. For example, a device with a priority of 110 is selected over a device with a priority of 100.
• If multiple devices have the same priority, the device whose primary IP address has the greatest value is selected as the new primary device. For example, 123.45.67.124 is selected over 123.45.67.123.
• If a new device with a higher priority or a greater value IP address joins the cluster, the new device does not replace (or pre-empt) the current primary device automatically.
FortiAnalyzer_7.0_Study_Guide-Online page 62
Why should you use an NTP server on FortiAnalyzer and all registered devices that log into FortiAnalyzer?
Correct Answer:A
Which log will generate an event with the status Contained?
Correct Answer:C
What are two of the key features of FortiAnalyzer? (Choose two.)
Correct Answer:AC
Which daemon is responsible for enforcing the log file size?
Correct Answer:B
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 121: The logfiled process enforces the log file size and is also responsible for disk quota enforcement by monitoring the other processes.
Which statement is true regarding Macros on FortiAnalyzer?
Correct Answer:A
FortiAnalyzer_7.0_Study_Guide-Online.pdf page 283: Note that macros are ADOM-specific and supported in FortiGate and FortiCarrier ADOMs only.