
100+ Free FCP FortiAnalyzer 7.4 Practice Questions

Pass your Fortinet FCP - FortiAnalyzer 7.4 Administrator (FCP_FAZ_AD-7.4) exam on the first try — instant access, no signup required.

✓ No registration ✓ No credit card ✓ No hidden fees ✓ Start practicing immediately

  • Pass rate: not published
  • Questions: 100+
  • Price: 100% free

Key Facts: FCP FortiAnalyzer 7.4 Exam

  • Questions: 35 (Fortinet)
  • Exam duration: 65 min (Fortinet)
  • Scoring: Pass/Fail (no scaled score)
  • Exam fee: $200 (Fortinet / Pearson VUE)
  • Software version: 7.4.1 (FortiAnalyzer & FortiOS)
  • Certification validity: 2 years (Fortinet FCP)

The FCP FortiAnalyzer 7.4 Administrator (FCP_FAZ_AD-7.4) exam has 35 multiple-choice questions in 65 minutes, scored as pass/fail with no scaled score released. The exam fee is $200 USD through Pearson VUE and is built around FortiAnalyzer 7.4.1 and FortiOS 7.4.1. The certification is part of the Fortinet Certified Professional (FCP) Security Operations track and remains valid for two years.

Sample FCP FortiAnalyzer 7.4 Practice Questions

Try these sample questions to test your FCP FortiAnalyzer 7.4 exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. An administrator wants to logically separate logs and reports for two business units on a single FortiAnalyzer. Which feature should the administrator use?
A. Virtual domains (VDOMs)
B. Administrative domains (ADOMs)
C. FortiGate VDOM links
D. Storage policies
Explanation: Administrative domains (ADOMs) are the FortiAnalyzer construct used to logically segregate devices, logs, reports, and administrators. Each ADOM has its own database tables, disk quota, and access control, making it the standard way to isolate tenants or business units on a single FortiAnalyzer.

2. By default, ADOMs are disabled on a new FortiAnalyzer. Where does an administrator enable ADOM mode?
A. System Settings > Advanced > Advanced Settings
B. System Settings > All ADOMs
C. System Settings > Dashboard > CLI Console
D. Tools > Feature Visibility
Explanation: ADOM mode is enabled in System Settings > Advanced > Advanced Settings by toggling the ADOM feature on. After enabling, the administrator can create ADOMs and assign devices. Until enabled, FortiAnalyzer operates in a single global context.

3. Which ADOM type should be selected to manage logs from FortiClient EMS deployments?
A. FortiGate ADOM
B. FortiCarrier ADOM
C. FortiClient ADOM
D. Fabric ADOM
Explanation: FortiAnalyzer provides device-type-specific ADOMs. The FortiClient ADOM is purpose-built to receive and process FortiClient endpoint logs forwarded by FortiClient EMS. Datasets and templates inside that ADOM target endpoint event schemas.

4. An administrator enables advanced mode on an ADOM. What capability does this unlock?
A. Assigning a single device to multiple ADOMs in the same FortiAnalyzer
B. Adding individual VDOMs from the same FortiGate to different ADOMs
C. Increasing the ADOM disk quota beyond the licensed cap
D. Forwarding logs in CEF format only
Explanation: Advanced mode for an ADOM lets the administrator assign individual VDOMs from the same FortiGate device to different ADOMs. In normal (non-advanced) mode, the entire device — all of its VDOMs — must reside in a single ADOM.

5. Which factor primarily determines how much disk space an ADOM consumes for analytic logs?
A. ADOM disk quota and SQL retention setting
B. Number of administrators assigned to the ADOM
C. Whether the ADOM is in advanced mode
D. Number of report templates published
Explanation: Each ADOM has a configurable disk quota plus separate analytic and archive retention values. SQL (analytic) data lives within the analytic retention window up to the quota, after which oldest data is rolled off to archive or deleted.

6. Which two storage stages are configured per ADOM on FortiAnalyzer? (Choose the best answer.)
A. Analytic and archive
B. Hot and cold
C. Live and snapshot
D. Compressed and uncompressed
Explanation: FortiAnalyzer separates ADOM storage into two stages: analytic (indexed in the SQL database for fast searches and reports) and archive (compressed flat files used for long-term retention and compliance). Each stage has its own retention setting in days.

7. An administrator wants to apply role-based access so a junior engineer can only view FortiGate logs in the Branch ADOM. Which approach is correct?
A. Create a custom admin profile with read-only Log View and assign the user only to the Branch ADOM
B. Add the user to the Super_User profile and restrict via firewall policy
C. Create a Restricted_User in the global ADOM and assign all ADOMs
D. Add the user as a Standard_User with the wildcard ADOM
Explanation: Granular access on FortiAnalyzer is implemented by combining a custom admin profile (which sets per-feature read/read-write/none) with explicit ADOM assignment. Limiting Log View to read-only and assigning only the Branch ADOM gives least privilege.

8. A FortiGate is added to FortiAnalyzer but its logs do not appear. The FortiGate shows the FortiAnalyzer status as unauthorized. What is the most likely cause?
A. The FortiGate must be authorized in the Device Manager on FortiAnalyzer
B. The FortiGate firmware is older than 7.0
C. The ADOM is in advanced mode
D. Log encryption is required on the FortiAnalyzer side
Explanation: When a FortiGate is registered, it appears as an unauthorized device on FortiAnalyzer until an administrator authorizes it in Device Manager. Until then, FortiAnalyzer rejects logs from that device.

9. Which CLI command on FortiGate points it at a FortiAnalyzer for log forwarding?
A. config log syslogd setting
B. config log fortianalyzer setting
C. config system fortianalyzer
D. config log forwarding
Explanation: On FortiGate, `config log fortianalyzer setting` is the CLI tree that enables FortiAnalyzer logging and configures the IP/serial number, encryption, and upload mode (real-time or store-and-upload).

10. Which protocol does a FortiGate use by default to send logs to FortiAnalyzer?
A. Plain syslog over UDP 514
B. OFTP over TCP 514
C. HTTPS REST
D. SNMP traps
Explanation: FortiGate forwards logs to FortiAnalyzer using the Fortinet OFTP (Open FortiGate Transfer Protocol) over TCP port 514 by default, with optional TLS encryption. OFTP supports compression and reliable, session-aware delivery.

About the FCP FortiAnalyzer 7.4 Exam

The Fortinet FCP FortiAnalyzer 7.4 Administrator certification validates the skills needed to deploy, configure, and operate FortiAnalyzer 7.4 for centralized log management, analytics, and SOC workflows. Topics include ADOMs, device registration and authorization, log management and filtering, event handlers, reports and report templates, FortiSoC incident handling, indicators of compromise, fabric view, log forwarding (syslog, CEF, secure TLS, LZ4), Storage Connectors (S3 and NFS), HA clustering, REST API, and backups.

  • Questions: 35 scored questions
  • Time limit: 65 minutes
  • Passing score: Pass/Fail
  • Exam fee: $200 USD (Fortinet / Pearson VUE)

FCP FortiAnalyzer 7.4 Exam Content Outline

  • System Configuration & ADOMs (~15%): ADOM enablement, ADOM types (FortiOS, FortiCarrier, FortiClient, fabric), advanced mode, storage stages, HA cluster of FortiAnalyzers, REST API access
  • Device Registration & Authorization (~12%): Adding and authorizing FortiGate, FortiClient EMS, and other Fortinet devices; OFTP transport; reliable mode; real-time vs store-and-upload; Security Fabric authorization; syslog ingest
  • Log Management & Filtering (~18%): Log View, Log Browse, fast vs deep search, display vs column filters, log fields and subtypes, log retention (analytic and archive), log forwarding (syslog, CEF, secure TLS, LZ4), aggregation
  • Event Handlers & Alerts (~13%): Predefined and custom handlers, severity filtering, aggregation thresholds, notification channels (email, SNMP, syslog, webhook), rate-limiting, scope by device
  • Reports & Report Templates (~14%): Datasets (built-in and custom SQL), chart types, report templates, scheduling, output profiles (PDF/HTML/CSV/email/SCP), template macros and variables, performance tuning
  • Data Analytics & FortiSoC (~14%): FortiSoC dashboard, event monitor, incidents and lifecycle, indicators of compromise (IOC), fabric view, FortiView dashboards, MITRE ATT&CK matrix, endpoint vulnerability analytics
  • Administrator Access & Authentication (~7%): Local and remote authentication (LDAP/LDAPS, RADIUS with VSAs, TACACS+), admin profiles, ADOM scope, trusted hosts, FortiToken MFA, audit logging, REST API roles
  • Backups & System Maintenance (~7%): Scheduled and on-demand backups, encrypted backup files, restore on matching firmware, firmware upgrades on HA clusters, Storage Connectors (S3 and NFS), database rebuild, time sync, diagnostics

How to Pass the FCP FortiAnalyzer 7.4 Exam

What You Need to Know

  • Passing score: Pass/Fail
  • Exam length: 35 questions
  • Time limit: 65 minutes
  • Exam fee: $200 USD

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

FCP FortiAnalyzer 7.4 Study Tips from Top Performers

1. Build a FortiAnalyzer 7.4 lab and authorize at least one FortiGate so you can practice device registration and OFTP
2. Master ADOM concepts: types, advanced mode, storage stages (analytic vs archive), and disk quota
3. Practice writing custom datasets — the exam tests knowledge of dataset cloning and report templates
4. Configure at least one custom event handler with aggregation thresholds and a custom notification
5. Test a log-forwarding profile with CEF format, TLS, and LZ4 to a remote SIEM or another FortiAnalyzer
6. Walk an incident through the FortiSoC lifecycle (new -> analysis -> contained -> eradicated -> recovery -> closed)
7. Use the diagnose sniffer and diagnose log device commands to troubleshoot ingest issues
8. Read the official 7.4 exam description PDF and Administration Guide chapters on ADOMs, reports, and event handlers

Frequently Asked Questions

What is the Fortinet FCP FortiAnalyzer 7.4 passing score?

The FCP_FAZ_AD-7.4 exam is scored on a pass/fail basis. Fortinet does not publish a numeric scaled score; candidates receive a pass or fail result on screen at the end of the exam. The exam contains 35 questions to be answered in 65 minutes.

How much does the FCP FortiAnalyzer 7.4 exam cost?

The exam fee is $200 USD per attempt through Pearson VUE, consistent with Fortinet's Certified Professional (FCP) tier pricing. Vouchers, retake bundles, and partner discounts may apply. Pricing is set by Fortinet and may vary by region.

What software versions does the FCP_FAZ_AD-7.4 exam cover?

The exam description targets FortiAnalyzer 7.4.1 and FortiOS 7.4.1. Candidates should test on these specific builds when practicing, as features such as Storage Connectors, MITRE ATT&CK matrix view, and LZ4 log-forwarding compression depend on the 7.4 release.

What topics are covered on the FortiAnalyzer 7.4 Administrator exam?

The exam covers eight functional areas: System Configuration & ADOMs (~15%), Device Registration & Authorization (~12%), Log Management & Filtering (~18%), Event Handlers & Alerts (~13%), Reports & Report Templates (~14%), Data Analytics & SOC View (~14%), Administrator Access & Authentication (~7%), and Backups & System Maintenance (~7%). Domain weightings are estimates based on the official exam description.

How long should I study for FCP FortiAnalyzer 7.4?

Most candidates study 30-50 hours when they already operate FortiGate. Plan to: 1) Review the official exam description PDF, 2) Set up a FortiAnalyzer 7.4 lab (VM trial works), 3) Practice ADOM creation and device authorization, 4) Build a custom event handler and a custom report template, 5) Configure a log-forwarding profile (CEF + TLS), 6) Complete 100+ practice questions and review explanations.

Is FCP FortiAnalyzer enough for the FCP Security Operations specialization?

FCP_FAZ_AD-7.4 is one of the qualifying exams toward the Fortinet Certified Professional - Security Operations specialization. Candidates typically pair it with FCP_FCT (FortiClient EMS) or another Security Operations exam to complete the specialization. Confirm the current exam list on the Fortinet certification portal before scheduling.

How long is the FCP FortiAnalyzer 7.4 certification valid?

Fortinet FCP certifications are valid for two years from the date of passing. Recertification requires passing a current FCP exam in the same track or moving up to FCSS/FCX. Fortinet may update the exam version (e.g., 7.4 to a future release) during your validity period.