Exam NSE5_FAZ-7.0 topic 1 question 17 discussion

Correct A and C Aggregation mode stores logs and content files and uploads them to the FortiAnalyzer server at a scheduled time.

can confirm this was on exam today (6/15)

C&D https://docs2.fortinet.com/document/fortianalyzer/7.0.5/administration-guide/420493/modes

Aggregation mode is only supported between two FortiAnalyer devices.

Right answers A) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 148: The log communication between devices can be protected by encryption, with the desired encryption level, using the commands shown on the slide. (You need to interpret this. "Real time" and "aggregation" is about the "moment" when Fortigate sends the logs. However, no matter the moment, Fortigate will upload logs encrypted or unencrypted based on previous / differente config). C) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: Aggregation: Logs and content files stored and uploaded at scheduled time. Wrong answers B) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 146: Aggregation mode is only supported between two FortiAnalyzer devices. D) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 147: FortiAnalyzer can also forward logs in real-time mode to a syslog server, a Common Event Format (CEF) server, or another FortiAnalyzer.

Aggregation mode is only supported between two FortiAnalyer devices, so B is wrong forwarding mode can forward logs in real-time mode to a syslog server, cef or another fortianalyzer

Aggregation mode is only supported between two FortiAnalyer devices, so B is wrong. Forwarding is always in real time and does not ONLY forward to other FortiAnalyzer devices. It also forwards to Syslog/CEF. D is wrong. Answer is A and C.

Correct Answer: C & D Aggregation mode is only supported between two FortiAnalyer devices, so B is wrong. Aggregation: Logs and content filters stored and uploaded at scheduled time. Forwarding: Realtime or near realtime forwarding logs to servers FortiAnalyzer 7.0 Study Guide online page no: 146 & 147

I think here is B and C