NSE 5 – FortiAnalyzer 6.4 — Question 18

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

Answer options

• A. In aggregation mode, you can forward logs to syslog and CEF servers as well.
• B. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
• C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
• D. Both modes, forwarding and aggregation, support encryption of logs between devices.

Correct answer: C, D

Explanation

Option C is correct as aggregation mode indeed saves logs and content files, sending them at scheduled times. Option D is also accurate since both modes support encrypted log transmission. Options A and B are incorrect because A describes a feature not applicable to aggregation mode, and B inaccurately limits forwarding mode to only real-time transfers to FortiAnalyzer devices.