Join the discussion
Question 2/11
Refer to Exhibit:
You are tasked with reviewing a new FortiAnalyzer deployment in a network with multiple registered logging devices. There is only one FortiAnalyzer in the topology.
Which potential problem do you observe?
You are tasked with reviewing a new FortiAnalyzer deployment in a network with multiple registered logging devices. There is only one FortiAnalyzer in the topology.
Which potential problem do you observe?
Correct Answer: B
* Understanding FortiAnalyzer Data Policy and Disk Utilization:
* FortiAnalyzer uses data policies to manage log storage, retention, and disk utilization.
* The Data Policy section indicates how long logs are kept for analytics and archive purposes.
* The Disk Utilization section specifies the allocated disk space and the proportions used for analytics and archive, as well as when alerts should be triggered based on disk usage.
* Analyzing the Provided Exhibit:
* Keep Logs for Analytics:60 Days
* Keep Logs for Archive:120 Days
* Disk Allocation:300 GB (with a maximum of 441 GB available)
* Analytics: Archive Ratio:30% : 70%
* Alert and Delete When Usage Reaches:90%
* Potential Problems Identification:
* Disk Space Allocation:The allocated disk space is 300 GB out of a possible 441 GB, which might not be insufficient if the log volume is high, but it is not the primary concern based on the given data.
* Analytics-to-Archive Ratio:The ratio of 30% for analytics and 70% for archive is unconventional. Typically, a higher percentage is allocated for analytics since real-time or recent data analysis is often prioritized. A common configuration might be a 70% analytics and 30% archive ratio. The misconfigured ratio can lead to insufficient space for analytics, causing issues with real-time monitoring and analysis.
* Retention Periods:While the retention periods could be seen as lengthy, they are not necessarily indicative of a problem without knowing the specific log volume and compliance requirements.
The length of these periods can vary based on organizational needs and legal requirements.
* Conclusion:
* Based on the analysis, the primary issue observed is theanalytics-to-archive ratiobeing misconfigured. This misconfiguration can significantly impact the effectiveness of the FortiAnalyzer in real-time log analysis, potentially leading to delayed threat detection and response.
References:
* Fortinet Documentation on FortiAnalyzer Data Policies and Disk Management.
* Best Practices for FortiAnalyzer Log Management and Disk Utilization.
* FortiAnalyzer uses data policies to manage log storage, retention, and disk utilization.
* The Data Policy section indicates how long logs are kept for analytics and archive purposes.
* The Disk Utilization section specifies the allocated disk space and the proportions used for analytics and archive, as well as when alerts should be triggered based on disk usage.
* Analyzing the Provided Exhibit:
* Keep Logs for Analytics:60 Days
* Keep Logs for Archive:120 Days
* Disk Allocation:300 GB (with a maximum of 441 GB available)
* Analytics: Archive Ratio:30% : 70%
* Alert and Delete When Usage Reaches:90%
* Potential Problems Identification:
* Disk Space Allocation:The allocated disk space is 300 GB out of a possible 441 GB, which might not be insufficient if the log volume is high, but it is not the primary concern based on the given data.
* Analytics-to-Archive Ratio:The ratio of 30% for analytics and 70% for archive is unconventional. Typically, a higher percentage is allocated for analytics since real-time or recent data analysis is often prioritized. A common configuration might be a 70% analytics and 30% archive ratio. The misconfigured ratio can lead to insufficient space for analytics, causing issues with real-time monitoring and analysis.
* Retention Periods:While the retention periods could be seen as lengthy, they are not necessarily indicative of a problem without knowing the specific log volume and compliance requirements.
The length of these periods can vary based on organizational needs and legal requirements.
* Conclusion:
* Based on the analysis, the primary issue observed is theanalytics-to-archive ratiobeing misconfigured. This misconfiguration can significantly impact the effectiveness of the FortiAnalyzer in real-time log analysis, potentially leading to delayed threat detection and response.
References:
* Fortinet Documentation on FortiAnalyzer Data Policies and Disk Management.
* Best Practices for FortiAnalyzer Log Management and Disk Utilization.
Add Comments
- Other Question (11q)
- Q1. Refer to the exhibits. (Exhibit) The Malicious File Detect playbook is configured to creat...
- Q2. Refer to Exhibit: (Exhibit) You are tasked with reviewing a new FortiAnalyzer deployment i...
- Q3. While monitoring your network, you discover that one FortiGate device is sending significa...
- Q4. When configuring a FortiAnalyzer to act as a collector device, which two steps must you pe...
- Q5. Review the following incident report: Attackers leveraged a phishing email campaign target...
- Q6. Refer to the exhibit. (Exhibit) Assume that all devices in the FortiAnalyzer Fabric are sh...
- Q7. A customer wants FortiAnalyzer to run an automation stitch that executes a CLI command on ...
- Q8. Refer to the exhibits. (Exhibit) The FortiMail Sender Blocklist playbook is configured to ...
- Q9. When configuring a FortiAnalyzer to act as a collector device, which two steps must you pe...
- Q10. Refer to the exhibits. (Exhibit) You configured a custom event handler and an associated r...
- Q11. Refer to the Exhibit: (Exhibit) An analyst wants to create an incident and generate a repo...
[×]
Download PDF File
Enter your email address to download Fortinet.FCSS_SOC_AN-7.4.v2024-10-22.q11.pdf