FCSS – SOC Analyst 7.4 — Question 3

Which two statements about the FortiAnalyzer Fabric topology are true? (Choose two.)

Answer options

• A. The supervisor uses an API to store logs, incidents, and events locally.
• B. Downstream collectors can forward logs to Fabric members.
• C. Logging devices must be registered to the supervisor.
• D. Fabric members must be in analyzer mode.

Correct answer: A, D

Explanation

Option A is correct because the supervisor indeed employs an API for local log storage. Option D is also correct as Fabric members must function in analyzer mode to effectively operate. Options B and C are incorrect; downstream collectors do not forward logs to Fabric members and registration of logging devices to the supervisor is not a strict requirement.