FCP – FortiAnalyzer Administrator 7.4 — Question 37

Which two statements are true about FortiAnalyzer log forwarding modes? (Choose two.)

Answer options

• A. Both modes, forwarding and aggregation, send logs as soon as they are received.
• B. Aggregation mode requires two FortiAnalyzer devices.
• C. Forwarding mode forwards logs to other FortiAnalyzer devices, syslog servers, or CEF servers.
• D. Forwarding mode requires configuration on the server side.

Correct answer: B, C

Explanation

The correct answers are B and C because aggregation mode indeed requires two FortiAnalyzer devices to function correctly, while forwarding mode allows logs to be sent to various destinations including other FortiAnalyzer devices and syslog servers. Option A is incorrect as logs may not be sent immediately in all scenarios, and option D is misleading because forwarding mode typically does not require server-side configuration.