On the exam, option B doesn't have a lock but is green to show it is up, but it is not using the secure syslog TCP port 6514. Since we can see the port used is 514, we know the syslog is not secure and is instead using UDP port 514. So for this question you need to be looking for a green (meaning online/up) option without a lock, because it isn't secure. B and C are the same answer here, so one was copied incorrectly. One of those should be green without a lock, and that would be the answer.
Port UDP/514 is used for unencrypted log communication.
Syslog runs on UDP, where syslog servers listen to UDP port 514 and clients (sending log messages)
The default port for secure TCP syslog messages is 6514
By default, syslog protocol works over UDP port 514. If you need to pass syslog packets through a firewall, you need to allow access at UDP 514.
If you send syslog over the default UDP port 514, then messages are unencrypted and can be intercepted and stolen over the network. If you want secure log message transfer, then syslog must work over TCP 6514 with secure TLS certificate-based authentication (RFC 5425).
That means the answer is GREEN WITHOUT LOCK.
It should be green with lock:
Log is received (green) with encryption (TCP/514 is for OFTP).
https://training.fortinet.com/pluginfile.php/1245914/mod_resource/content/26/FortiAnalyzer_7.0_Study_Guide-Online.pdf?forcedownload=1 page 148 and
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/781928/device-manager
I think it is D. It's the only one that would receive a UDP log. The lock next to the Real Time circle means reliable/secure, which requires TCP. Status is down (red) though, but that might be a red herring.
In the capture you see port UDP 514, which means UNencrypted: without lock.
In the capture you see SYSLOG traffic, so it could be green.
Summary => green without lock is the proper answer. This pic is missing there, or D has the wrong color.
Identifies whether the device is successfully sending logs to the FortiAnalyzer unit. A green circle indicates that logs are being sent. A red circle indicates that logs are not being sent. The status indicator will turn from green to red when logs have not been sent for 15 minutes or longer.
A lock icon displays when a secure tunnel is being used to transfer logs from the device to the FortiAnalyzer unit.
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/781928/device-manager
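Added example, not from this thread and not Fortinet code: a small Python model that ties the port rules quoted above (UDP/514 plain syslog, no lock; TCP/6514 syslog over TLS per RFC 5425, lock) to the Device Manager indicator rules quoted from the administration guide (green while logs arrived within the last 15 minutes, red otherwise; lock when a secure tunnel is used). The tcpdump-style capture lines, IP addresses and timestamps are constructed for the example; the port table is the only thing taken from the thread.

```python
"""Model of a FortiAnalyzer-style device status indicator, derived from a capture.

Rules taken from the thread and the quoted admin-guide text:
  * UDP/514   -> plain syslog, unencrypted, no lock icon
  * TCP/6514  -> syslog over TLS (RFC 5425), lock icon
  * green when logs were received less than 15 minutes ago, red otherwise
The capture format, addresses and times below are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# (transport, destination port) -> (service name, secure?) as stated in the thread
SYSLOG_PORTS = {
    ("udp", 514): ("syslog", False),
    ("tcp", 6514): ("syslog-tls", True),
}

# Constructed tcpdump-style summary lines: "<iso-time> <proto> <src>.<sport> > <dst>.<dport>"
SAMPLE_CAPTURE = """\
2024-05-01T10:00:01 UDP 10.1.1.10.54321 > 10.1.1.20.514
2024-05-01T10:00:05 TCP 10.1.1.11.40001 > 10.1.1.20.6514
2024-05-01T09:30:00 UDP 10.1.1.12.51000 > 10.1.1.20.514
2024-05-01T10:00:07 TCP 10.1.1.13.40002 > 10.1.1.20.443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>UDP|TCP)\s+"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+(?P<dst>[\d.]+)\.(?P<dport>\d+)$"
)

STALE_AFTER = timedelta(minutes=15)  # threshold quoted from the admin guide


@dataclass
class DeviceStatus:
    device: str         # IP of the log-sending device
    last_seen: datetime  # timestamp of its most recent syslog packet
    secure: bool        # True when that packet went to the TLS port


def parse_capture(text: str) -> dict:
    """Return {src_ip: DeviceStatus} for syslog traffic only; other ports are ignored."""
    seen = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["proto"].lower(), int(m["dport"]))
        if key not in SYSLOG_PORTS:  # e.g. HTTPS on 443 is not log traffic
            continue
        _, secure = SYSLOG_PORTS[key]
        ts = datetime.fromisoformat(m["ts"])
        prev = seen.get(m["src"])
        if prev is None or ts > prev.last_seen:
            seen[m["src"]] = DeviceStatus(m["src"], ts, secure)
    return seen


def indicator(status: DeviceStatus, now: datetime) -> tuple:
    """(colour, lock) for one device: green if last log < 15 min old, lock if TLS port."""
    colour = "green" if now - status.last_seen < STALE_AFTER else "red"
    return colour, status.secure


def summarize(text: str, now_iso: str) -> dict:
    """Map every syslog-sending device in the capture to its (colour, lock) pair."""
    now = datetime.fromisoformat(now_iso)
    return {ip: indicator(st, now) for ip, st in parse_capture(text).items()}


if __name__ == "__main__":
    for ip, (colour, lock) in summarize(SAMPLE_CAPTURE, "2024-05-01T10:05:00").items():
        print(f"{ip}: {colour}, {'lock' if lock else 'no lock'}")
```

The example infers "secure" from the destination port alone, which is exactly the reasoning the thread uses; in a real capture you would also want to confirm a TLS handshake on TCP/6514 rather than trusting the port number, and a device that only appears on UDP/514 can never earn the lock icon no matter how recent its logs are.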
Commenters: TheRealConJon (Highly Voted, 11 months, 2 weeks ago); nerostart (11 months ago); dede1234 (Most Recent, 10 months ago); k3rnelpanicpj (11 months, 1 week ago); k3rnelpanicpj (11 months, 1 week ago); matt20491 (11 months, 3 weeks ago); ilbartonicola (11 months, 3 weeks ago); LizanPR (11 months, 3 weeks ago); wayne0926 (1 year ago); M1gu3l (12 months ago); pepso100 (7 months, 3 weeks ago)