NSE 5 – FortiAnalyzer 7.0 — Question 17

Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)

Answer options

• A. Both modes, forwarding and aggregation, support encryption of logs between devices.
• B. In aggregation mode, you can forward logs to syslog and CEF servers as well.
• C. Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
• D. Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.

Correct answer: A, C

Explanation

Option A is correct because both forwarding and aggregation modes indeed support the encryption of logs to ensure secure transmission. Option C is also correct since aggregation mode is designed to store logs and send them to another FortiAnalyzer at a predetermined time. Option B is incorrect because aggregation mode does not forward logs to syslog and CEF servers, and option D is wrong as forwarding mode does not limit log forwarding solely to other FortiAnalyzer devices.