Exam NSE5_FAZ-7.0 topic 1 question 12 discussion

C and D Using FortiAnalyzer, you can enable log fetching. This allows FortiAnalyzer to fetch the archived logs of specified devices from another FortiAnalyzer, which you can then run queries or reports on for forensic analysis. The FortiAnalyzer device that fetches logs operates as the fetch client, and the other FortiAnalyzer device that sends logs operates as the fetch server. Log fetching can happen only between two FortiAnalyzer devices, and both of them must be running the same firmware version. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with different FortiAnalyzer devices at the other end. FortiAnalyzer_7.0_Study_Guide-Online pag. 168

C,D - Correct. FortiAnalyzer 7.0. Study Guide page 168.

Coorect C and D Log fetching is used to retrieve archived logs from one FortiAnalyzer device to another. This allows administrators to run queries and reports against historic data, which can be useful for forensic analysis. Log fetching can only be done on two FortiAnalyzer devices running the same firmware

CD are correct. See https://docs.fortinet.com/document/fortianalyzer/7.4.0/administration-guide/651442/log-fetching

B - says the Perform 2 roles with same FortiAnalyzer device. should perform 2 roles with different FortiAnalyzer device at the other end. So should be C and D

C and D FAZ must run the same firmware version And a FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with different FortiAnalyzer devices at the other end. Key word is different in this case.

FortiAnalyzer_7.0_Study_Guide-Online page: 168 | Log Fetching can happen only between two FortiAnalyzer devices, and both of them must be running the same Firmware. This makes Answer C correct FortiAnalyzer_7.0_Study_Guide-Online page: 168 | A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with different FortiAnalyzers devices at the other end. This makes answer B correct.

C and D

The correct statements regarding log fetching on FortiAnalyzer are: B. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with the same FortiAnalyzer devices at the other end. D. Log fetching allows the administrator to run queries and reports against historical data by retrieving archived logs from one FortiAnalyzer device and sending them to another FortiAnalyzer device. Explanation: A is not a true statement because log fetching allows the administrator to fetch logs from other Fortinet devices, not from another FortiAnalyzer. C is not a true statement because log fetching can be done between FortiAnalyzer devices running different firmware versions. Therefore, B and D are the two statements that are true regarding log fetching on FortiAnalyzer.

B and C. The answer D states that the FAZ fetches logs and sends the to a third FAZ to use. In the study guide at page 168 it states that it fetches logs from another FAZ and is being used by the current FAZ. Also documents says that this can only be done between two FAZ devices, NOT forwarded to a third.

C and D Using FortiAnalyzer, you can enable log fetching. This allows FortiAnalyzer to fetch the archived logs of specified devices from another FortiAnalyzer, which you can then run queries or reports on for forensic analysis. The FortiAnalyzer device that fetches logs operates as the fetch client, and the other FortiAnalyzer device that sends logs operates as the fetch server. Log fetching can happen only between two FortiAnalyzer devices, and both of them must be running the same firmware version. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with different FortiAnalyzer devices at the other end. FortiAnalyzer_7.0_Study_Guide-Online pag. 168

C and D. Classic devil in the details gotcha. B says *same* FortiAnalyzer devices, which is wrong... has to be *different* FAZ devices.

C and D FortiAnalyzer_7.0_Study_Guide-Online page 168; Log fetching can happen only between two FortiAnalyzer devices, and both of them must be running the same firmware version. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with different FortiAnalyzer devices at the other end. (Key words different devices, makes answer B incorrect)

FortiAnalyzer_7.0_Study_Guide-Online.pdf page 168: Log fetching can happen only between two FortiAnalyzer devices, and both of them must be running the same firmware version. A FortiAnalyzer device can perform either the fetch server or client role, and it can perform two roles at the same time with different FortiAnalyzer devices at the other end.

C and D) FortiAnalyzer_7.0_Study_Guide-Online.pdf page 168: Using FortiAnalyzer, you can enable log fetching. This allows FortiAnalyzer to fetch the archived logs of specified devices from another FortiAnalyzer, which you can then run queries or reports on for forensic analysis. Log fetching can happen only between two FortiAnalyzer devices, and both of them must be running the same firmware version.

C and D are the correct answers