Question 2
Which two statements are true regarding FortiAnalyzer log forwarding? (Choose two.)
Both modes, forwarding and aggregation, support encryption of logs between devices.
In aggregation mode, you can forward logs to syslog and CEF servers as well.
Aggregation mode stores logs and content files and uploads them to another FortiAnalyzer device at a scheduled time.
Forwarding mode forwards logs in real time only to other FortiAnalyzer devices.
Correct answer: AC
Explanation:
A) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 148: The log communication between devices can be protected by encryption, with the desired encryption level, using the commands shown on the slide. (You need to interpret this. "Real time" and "aggregation" is about the "moment" when Fortigate sends the logs. However, no matter the moment, Fortigate will upload logs encrypted or unencrypted based on previous / differente config). C) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: Aggregation: Logs and content files stored and uploaded at scheduled time.
A) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 148: The log communication between devices can be protected by encryption, with the desired encryption level, using the commands shown on the slide. (You need to interpret this. "Real time" and "aggregation" is about the "moment" when Fortigate sends the logs. However, no matter the moment, Fortigate will upload logs encrypted or unencrypted based on previous / differente config).
C) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: Aggregation: Logs and content files stored and uploaded at scheduled time.