Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
FortiAnalyzer log forwarding supports multiple modes, each with distinct functionalities. Aggregation mode stores logs and content files, then uploads them to another FortiAnalyzer device at a scheduled time. This ensures data is collected and sent at specific intervals. Both forwarding and aggregation modes support encryption of logs, providing secure communication between devices. This means that regardless of the mode used, the log data can be encrypted, ensuring secure transfer and storage.
Aggregation mode is only supported between two FortiAnalyzer devices, so B is wrong. Forwarding is always in real time and does not ONLY forward to other FortiAnalyzer devices. It also forwards to Syslog/CEF. D is wrong. Answer is A and C.
Right answers A) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 148: The log communication between devices can be protected by encryption, with the desired encryption level, using the commands shown on the slide. (You need to interpret this. "Real time" and "aggregation" are about the "moment" when FortiGate sends the logs. However, no matter the moment, FortiGate will upload logs encrypted or unencrypted based on previous / different config). C) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: Aggregation: Logs and content files stored and uploaded at scheduled time. Wrong answers B) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 146: Aggregation mode is only supported between two FortiAnalyzer devices. D) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: FortiAnalyzer can also forward logs in real-time mode to a syslog server, a Common Event Format (CEF) server, or another FortiAnalyzer.
Correct Answer: C & D. Aggregation mode is only supported between two FortiAnalyzer devices, so B is wrong. Aggregation: Logs and content filters stored and uploaded at scheduled time. Forwarding: Realtime or near realtime forwarding logs to servers. FortiAnalyzer 7.0 Study Guide online page no: 146 & 147
I think here is B and C
C and D sorry
D: is wrong. Answer states that FortiAnalyzer can only forward in real time to other FortiAnalyzers. The Admin guide clearly states that real time can also be sent to other destinations: "You can forward logs from a FortiAnalyzer unit to another FortiAnalyzer unit, a syslog server, or a Common Event Format (CEF) server when you use the default forwarding mode in log forwarding." (https://docs2.fortinet.com/document/fortianalyzer/7.0.5/administration-guide/621804/log-forwarding)
Aggregation mode is only supported between two FortiAnalyzer devices, so B is wrong. Forwarding mode can forward logs in real-time mode to a syslog server, CEF or another FortiAnalyzer.
Aggregation mode is only supported between two FortiAnalyzer devices.
C&D https://docs2.fortinet.com/document/fortianalyzer/7.0.5/administration-guide/420493/modes
can confirm this was on exam today (6/15)
Correct A and C Aggregation mode stores logs and content files and uploads them to the FortiAnalyzer server at a scheduled time.