Fortinet Updated FCP_FAZ_AN-7.6 Exam Questions and Answers by damien

Exact Extract: Study Guide p.187: troubleshoot slow reports by reviewing diagnostics and enabling auto-cache to reduce generation time.

Technical Deep Dive: The correct answers are B and D. When reports take too long, Fortinet recommends checking report diagnostics and hcache timing, log rates, insert/receive rate, and log insert lag. Enabling auto-cache is also a documented way to improve report generation performance. Option A is not a recommended troubleshooting step in the study guide; removing old hcache blindly can make reports slower because hcache must be rebuilt. Option C is not the relevant control for report generation time in this scenario.

Exact Extract: Study Guide p.139: one log message can consist of multiple logs in LZ4 format, explaining the log-rate/message-rate difference.

Technical Deep Dive: The correct answer is A. In the diagnostic output, the message rate being lower than the log rate is normal because FortiAnalyzer can receive a compressed log message that contains multiple individual logs. The log rate counts logs, while the message rate counts received log messages. Option B is not supported because the output does not prove indexing is almost finished. Option C cannot be inferred unless the command output breaks down traffic versus event log counts. Option D is wrong because these fortilogd rate commands are general logging statistics rather than an ADOM-specific view.

Exact Extract: The FortiAnalyzer 7.6 Analyst Study Guide states that administrators can use CLI commands “to gather log rate and device usage statistics” to understand “the log volume and whether your disk quota is configured appropriately.” It also explains that if log volume is too high, FortiAnalyzer may not be able to retain “analytics logs or archive logs for the amount of time configured in the ADOM.”

Technical Deep Dive: The correct answer is B because the exhibit shows the disk quota allocation for ADOM1 split into two major areas: Logs and Database . Under the ADOM1 row, the Logs quota is shown as 900.0 MB , and the Database quota is shown as 2.1 GB . When these are added together, the total allocated quota for ADOM1 is approximately 3 GB .

Option A is not the best answer because the output does not show that ADOM1 has exactly 300 MB of total disk space remaining. It is true that the Logs section has roughly 299 MB remaining because 900 MB quota minus 601 MB used is about 299 MB. However, the question asks what can be concluded from the whole output, and the output also includes the database quota and database usage. So treating 300 MB as the total remaining ADOM space is incomplete.

Option C is wrong because archive/log-file usage is not greater than analytic/database usage in the output. The Logs section shows about 601 MB used, while the Database section shows about 1.9 GB used. The study guide separates archive logs from analytics logs: archive logs are rolled and compressed log files, while analytics logs are indexed in the SQL database for immediate analysis. Here, the database/analytic side is using more space than the log/archive side.

Option D is wrong because the exhibit showing 0.0 KB for quarantine does not mean no quota is allocated to quarantining files. It only means quarantine usage is currently zero. The output is reporting current disk usage and quota allocation, not proving that quarantine storage is unavailable.

Exact Extract: Study Guide p.184: reports and charts can be imported/exported; templates and datasets cannot be exported directly.

Technical Deep Dive: The correct answers are B and C. FortiAnalyzer allows reports and charts to be imported and exported between same-type ADOMs or FortiAnalyzer devices. The guide explicitly says templates and datasets cannot be exported directly. Datasets move only as dependencies of exported charts, not as standalone exportable modules. Therefore, reports and charts are the two modules that match the direct import/export capability described in the guide.