Answer is B

B is correct... A is wrong, it's configured to be *preferred* primary but that does not mean it'll be operational primary to an existing cluster (i.e. it will not preempt).

Answer is A B. Port 1 is the interface the FortiAnalyzer HA unit uses to provide redundancy, not receive logs C. Failover Threshold is the one that does that. The number of heartbeat intervals that one of the cluster units waits to receive HA heartbeat packets from other cluster units before assuming that the other cluster units have failed. The default failover threshold is 3. D. Log Data Sync is not checked A. Preferred Role is selected primary, Priority is set to the highest priority possible (120). Ref : https://docs.fortinet.com/document/fortianalyzer/6.4.10/administration-guide/275104/configuring-ha-options

Furthermore: Fortianalyzer study guide 7.0: page 61: In the Cluster Virtual IP section, you need to select the interface and type the IP address for which the FAZ device is to provide redundancy. This is the IP that other devices need to point to send their logs once the cluster is up.

I don't think it's A. Cause the key word is that it will join "existing" cluster. That means there already is a primary and it won't trigger failover.

I think is B. If the preferred role is Primary, then this unit becomes the primary unit if it is configured first in a new HA cluster. If there is an existing primary unit, then this unit becomes a secondary unit.

A. This FortiAnalyzer will join to the existing HA cluster as the primary. *NO, because a primary already exists, although the priority is high, the primary must fail for failover to occur.* B. This FortiAnalyzer is configured to receive logs in its port1. *NO, logs are not received based on a port, in addition this port and IP is for redundancy communication* C. This FortiAnalyzer will trigger a failover after losing communication with its peers for 10 seconds. *NO, because the value for failover should be 30 seconds since "heart beat interval" is multiplied by failover threshold* D. *After joining to the cluster, this FortiAnalyzer will keep an updated log database.* SI, Synchronizes logs and data securely among multiple FortiAnalyzer devices. System and configuration settings applicable to HA are also synchronized. ANSWER CORRECT A

I'm sorry, the correct answer is B not A B: In the Cluster Virtual IP section, you need to select the interface, and type the IP address for which the FortiAnalyzer device is to provide redundancy. Once the cluster is up, the devices sending their logs must point to this IP

Correct A Preferred Role is selected primary, Priority is set to the highest priority possible (120).

The correct answer is D --> After joining to the cluster, this FortiAnalyzer will keep an updated log database. https://docs.fortinet.com/document/fortianalyzer/6.4.10/administration-guide/275104/configuring-ha-options Log Data Sync: This option is on by default. It provides real-time log synchronization among cluster members.

logical answer is C Study Guide P. 62 " By default, the only parameter checked to trigger an automatic failover is the network reachability among cluster members." Notice the subnet configured on FAZ and Peer Subnet is different, which means there will be reachability issue with cluster members, which may trigger failover

why ppl don't see Heart Beat Interval Answer is C.