FortiAnalyzer Interview Questions & Answers

Question 1. What Are The Fundamental Of Fortianalyzer?

Answer :

FortiAnalyzer is a platform that integrates network logging, analysis, and reporting into a single system, delivering increased knowledge of security events throughout your network. FortiAnalyzer products minimize the effort required to scrutinize and maintain policies, as well as identify attack patterns to help us fine-tune organizational policies. In short, FortiAnalyzer provides Centralized Logging, Analysis, and Reporting on a Virtual Platform.

Question 2. What Are The Features And Benefits Of Fortianalyzer Virtual Appliances?

Answer :

Following are the features and benefits provided by FortiAnalyzer virtual appliances: -

1. FortiAnalyzer virtual appliances provides over 550 reports and customizable charts which helps to monitor and maintain identify attack patterns, acceptable use policies, and demonstrate policy compliance
2. FortiAnalyzer’s network capacity and utilization data reporting allow efficient management of the networks.
3. Scalable architecture of FortiAnalyzer allows the devices to run in collector or analyzer modes for optimized log processing.
4. Advanced inbuilt features within FortiAnalyzer such as event correlation, forensic analysis, and vulnerability assessment provide essential tools for in-depth protection of complex networks
5. Secure data aggregation from multiple FortiGate and FortiMail appliances provide compliance to the entire network.

Question 3. How Fortianalyzer Enhances The Visibility Within Its Platforms?

Answer :

FortiAnalyzer provides its services like security event analysis, forensic research, reporting, content archiving, and data mining, malicious file quarantining and vulnerability management to organizations of any size from a centralized location. Its capability of a centralized collection of data, correlation, and analysis of the diverse chronological and geographical security data from Fortinet appliances & third-party devices deliver a simplified, consolidated view of organizations threat exposure.

Question 4. How Fortianalyzer Manages Information Related To Security Events?

Answer :

We can put time back in by installing a FortiAnalyzer platform into the existing security infrastructure, creating a single view of the security events, archived content, and vulnerability assessments. FortiAnalyzer platforms pull the entire range of data from Fortinet solutions, including traffic, event, virus, attack, content filtering, and email filtering. It removes the manual search of multiple log files when performing forensic analysis and network auditing. FortiAnalyzer platform's centralized data archiving, file quarantine and vulnerability assessment further reduce the time taken to manage the range.

Question 5. What Factor Depends On Selecting Between Hardware And Virtual Appliances?

Answer :

Most of the organizations use less than the required hardware IT infrastructure or virtual IT infrastructure today, for many budget constraints. This creates a need for both hardware and virtual appliances within a security strategy. FortiAnalyzer can be installed either hardware or virtual appliance to fit the environment, which includes a mix of virtual and physical IT infrastructure. FortiAnalyzer has the capability to log events from Forti OS based hardware appliances, virtual appliances or a combination of both.

Question 6. What Are The Benefits Of Network Event Correlation Benefits?

Answer :

The element known as event correlation plays a key role in integrated management. Network Event Correlation Allows the system administrator to quickly identify and react to network security threats across the organization network.

Question 7. What Does The Graphical Summary Reports Show?

Answer :

Graphical summary reports provide detailed events, activities, and trends occurring on FortiGate and third-party devices on the entire network.

Question 8. How Do We Benefit From Fortianalyzer’s Performance To Upscale Capacity?

Answer :

FortiAnalyzer family models support thousands of FortiGate and FortiClient agents, and can dynamically scale storage based on retention and compliance requirements.

Question 9. What Are The Benefits Of Fortianalyzer Centralized Logging Of Multiple Record Types?

Answer :

This record including traffic activity, system events, viruses, attacks, Web filtering events, and messaging activities and data. System administrators can scrutinize the entire network from one single location.

Question 10. What Are The Benefits Of Fortianalyzer Seamless Integration With The Fortinet Products?

Answer :

The close integration with Fortinet Products maximizes its performance and allows FortiAnalyzer resources for efficient management from FortiGate or other FortiManager user interfaces.

Question 11. What Benefits If Fortianalyzer Is Selected Standalone, Collector, Or Analyzer Mode?

Answer :

FortiAnalyzer can be installed as an individual unit, or optimized for specific operations. It depends on the location and utility that is required. Any company does not require all features and benefits of FortiAnalyzer.

Question 12. How Do We Benefit From Fortianalyzer’s Versatile Management Solutions?

Answer :

Key elements of FortiAnalyzer’s management versatility are:

1.  Diversity of form factors
2.  Architectural flexibility
3.  Highly customizable
4.  Simple licensing

Question 13. How Does Fortianalyzer Differ From Traditional Methods?

Answer :

Threats are constantly evolving within networks, so as organizational growth or new regulatory and business requirements. Traditional methods focus on recording and identifying network threats through logging, analysis and reporting over time. FortiAnalyzer provides enterprise-class features to not only identify these threats but also provide flexibility to evolve along with the ever-changing network. FortiAnalyzer can generate highly customized reports for organizational requirements while aggregating logs in a hierarchical, tiered logging topology.

Question 14. What Do You Understand By Content Logging & Data Mining?

Answer :

Log aggregation and archiving is critical nowadays in identifying security threats and managing network usage. In addition to in-depth analysis, real-time logging, and reporting, FortiAnalyzer facilitates detailed content logging of user activities and network traffic. Activities can be scrutinized real time, archived and later analyzed as per the need. Activities can be tracked user wise, protocol, source, destination, etc. and the actual content exchanged in a session is available. Content logging is not only critical in order to implement regulatory mandates such as HIPAA and SOX compliance but absolutely needed to enforce acceptable use policies and protect important corporate assets and intellectual property.

Question 15. What Is Vulnerability Scanner?

Answer :

FortiAnalyzer’s integrated vulnerability scanner identifies vulnerabilities on a host server, such as a mail server, FTP server or any other UNIX or Windows host and produces vulnerability reports accordingly showing the potential weaknesses to attacks that may exist for a selected device.

Question 16. What Granular Information Do We Get With The Help Of Fortianalyzer?

Answer :

The FortiAnalyzer User Interface (UI) facilitates the system administrators to dig deep into security log data to provide the granular level of reporting necessary to understand what is happening on the entire network. Historical or real-time data allows network administrators to analyze log and content information, as well as the traffic of the entire network. The advanced forensic analysis tools allow the network administrator to track user activities to the content level.

Question 17. What Is Log Browser?

Answer :

Log Browser facilitates us to view log file or messages from the registered devices. We can easily filter the log files and messages to dig down and locate specific information.

Question 18. What Are The Fortianalyzer’s Supporting Devices?

Answer :

1.  FortiGate Multi-Threat Security Systems.
2.  FortiMail Email Security Systems.
3.  FortiClient Mobile End-Point Security.
4.  FortiClient PC End-Point Security.
5.  FortiManager Centralized Management.
6.  Any Syslog-Compatible Device.

Question 19. How Can We Edit The Fortianalyzer’s Ip Address?

Answer :

To edit the FortiAnalyzer VM IP address we need to perform the following steps:

1. In the toolbar select Asset > Manage/View Products, which opens the View Products page.
2. Select the FortiAnalyzer VM serial number and the Product Details page opens.
3. Select Edit to change the description, partner information, and IP address of the specific FortiAnalyzer VM.
4. Then Edit Product Info page opens.
5. We now need to enter the new IP address and select Save. There is no restriction of number of changing the IP address   on a full evaluation license

Question 20. What Do You Mean By Thick Provision Lazy Zeroed?

Answer :

Thick provision lazy zeroed is the process of allocating a space within the storage for a virtual machine (VM) disk that creates a virtual disk in a default thick format. The thick provision means all the space designated for the virtual disk files are reserved for the Virtual Machine is created.

Question 21. What Is Thick Provisioning Eager Zeroed?

Answer :

Thick provisioning eager zeroed is a VMware provisioning process, which generates a virtual machine (VM) disk in a default thick format. Thick provision eager zeroed supports clustering features such as VMware Fault Tolerance, a component of VMware vSphere that is to provide high availability (HA) for enterprise software applications.

Question 22. What Is Thin Provisioning?

Answer :

Thin provisioning (TP) is a process of maximizing the efficiency with which the available space is utilized in storage area networks (SAN). Thin Provisioning functions by allocating disk storage space in a flexible manner among multiple users, based on the minimum space required by each user at any given time.

Question 23. What Is Traditional Storage Provisioning?

Answer :

Storage provisioning is the process of assigning storage, usually in the form of server disk drive space, in order to optimize the performance of a storage area network (SAN). Traditionally, this has been done by the SAN administrator, and it can be a tedious process.

Question 24. What Is Fetching?

Answer :

We can fetch offline reports, which are compressed logs from one FortiAnalyzer unit to a second FortiAnalyzer unit where the logs that can be automatically indexed in the database to support data analysis on the Log View, FortiView, and Reports tabs. The fetch feature in FortiAnalyzer allows system administrators to analyze data from compressed logs without affecting the performance of the primary FortiAnalyzer unit because the process of fetching logs happens in the background.

Question 25. How Many Panes Does Fortianalyzer Have And What Are Its Functions?

Answer :

Generally, FortiAnalyzer’s pane has four primary parts: the banner, toolbar, tree menu, and content pane.

1. Banner is on the top of the page; which includes the home button (Fortinet logo), tile menu, ADOM menu (when enabled), admin menu, notifications, and help button.

2. Tree menu is on the left side, which includes the menus for the selected pane. Not available in Device Managers.

3. The Content pane consists of widgets, lists, configuration options, or other information, depending on the pane, menu, or options that have been selected. Most management tasks are handled in the content pane.

4. The toolbar is directly above the content pane; which includes options for managing content in the content pane, such as Create New and Delete.

To switch between panes, we should either select the home button to return to the homepage or select the file menu then select a new tile.

Question 26. How Can We Add A Static Route?

Answer :

Adding a static route in FortiAnalyzer is easy by the following steps:

1. We need to go to System Settings > Network.
2. After that, we should click the Routing Table button to add an IPv4 static route or the IPv6 Routing Table button to add an  IPv6 static route.
3. Then we should click the Create New button. The Create New Network Route pane is displayed.
4. Lastly, we can configure the settings, and click OK to create the new static route.

Question 27. How Can We Change The Administrative Access?

Answer :

1.  To change administrative access we should first go to System Settings > Network.
2.  By default, port1 settings will be displayed. We can configure administrative access for a different interface.
3.  We should Click All Interfaces, and select the interface from the list.
4.  We should set the IPv4 IP Address/Netmask or the IPv6 Address.
5.  After that we should select one or more Administrative Access types for the interface, and set the default gateway and   Domain Name System (DNS) servers followed by clicking on Apply.

Question 28. How To Configure Raid?

Answer :

1.  To configure the RAID level we should Go to System Settings > RAID Management.
2.  Then we should click on change beside RAID Level, which displays the RAID Settings dialog box.
3.  We should select a new raid level from the RAID Level list, and click OK.
4.  FortiAnalyzer unit will restart itself.
5.  The Duration to generate the RAID array significantly depends on the selected RAID level.

Question 29. How Can We Replace Hard Disks?

Answer :

Whenever a hard disk on a FortiAnalyzer unit fails, it has to be replaced. FortiAnalyzer devices that support hardware RAID, the hard disk can be replaced while the FortiAnalyzer unit is still running, known as hot swapping. On FortiAnalyzer units with software RAID, the device should be shut down prior to exchanging the hard disk.

Question 30. What Is The Difference Between A Thick And Eager Zeroed Thick Virtual Disk?

Answer :

Most of us are familiar with the difference between a thin-provisioned virtual disk and a thick-provisioned virtual disk. A thick disk's blocks are allocated in Virtual Machine when the disk is created whereas a thin disk's blocks are not. The difference in performance between a thick disk and an Eager Zeroed thick disk is very small, but some applications, still require eager zeroed thick provisioned disks.