On the exam, option B doesn't have a lock but is green to show it is up but not using secure syslog TCP port 6514. Since we can see the port used is 514 we know the syslog is not secure and is instead using UDP port 514. So for this question you need to be looking for a green (meaning online/up) option without a lock because it isn't secure. B and C are the same answer here so one was copied incorrectly. One of those should be green without a lock and that would be the answer.
Port UDP/514 is used for unencrypted log communication.
Syslog runs on UDP, where syslog servers listen to UDP port 514 and clients (sending log messages)
The default port for secure TCP syslog messages is 6514
By default, syslog protocol works over UDP port 514. If you need to pass syslog packets through a firewall, you need to allow access at UDP 514.
If you send syslog over the default UDP port 514, then messages are unencrypted and can be intercepted and stolen over the network. If you want secure log message transfer, then syslog must work over TCP 6514 with secure TLS certificate-based authentication (RFC 5425).
That means that the answer is GREEN WITHOUT LOCK.
It should be green with lock:
log is received (green) with encryption (tcp/514 is for OFTP)
https://training.fortinet.com/pluginfile.php/1245914/mod_resource/content/26/FortiAnalyzer_7.0_Study_Guide-Online.pdf?forcedownload=1 page 148 and
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/781928/device-manager
I think it is D. It's the only one that would receive a UDP log. The lock next to the Real Time circle means reliable/secure, which requires TCP. Status is down (red) though, but that might be a red herring.
In the capture you see port UDP 514, which means UNencrypted: without lock.
In the capture you see SYSLOG traffic, so it could be green.
Summary => green without lock is the proper answer. This pic is missing there, or D has the wrong color.
Identifies whether the device is successfully sending logs to the FortiAnalyzer unit. A green circle indicates that logs are being sent. A red circle indicates that logs are not being sent. The status indicator will turn from green to red when logs have not been sent for 15 minutes or longer.
A lock icon displays when a secure tunnel is being used to transfer logs from the device to the FortiAnalyzer unit.
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/781928/device-manager
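The thread keeps coming back to two rules: UDP/514 is plaintext syslog (no lock), TCP/6514 is syslog over TLS per RFC 5425 (lock), and the circle goes red once no log has arrived for 15 minutes or longer. The script below is an added example, not code from the thread or from Fortinet; it replays those rules over a constructed list of capture observations and also decodes the PRI field of a constructed plaintext syslog payload, which is exactly what anyone on the path can read when logs travel over UDP/514. The device names, timestamps and payload are made up for the example; the port numbers and the 15-minute threshold come from the thread.

```python
"""Added example: reproduce the FortiAnalyzer Device Manager indicator logic
quoted in the thread (green/red circle, lock icon) from constructed capture
observations, and show that UDP/514 syslog is readable on the wire.
Not Fortinet code; device names, times and the payload are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SECURE_TLS_PORT = 6514              # syslog over TLS (RFC 5425) -> lock icon
PLAIN_UDP_PORT = 514                # classic syslog, unencrypted -> no lock
STALE_AFTER = timedelta(minutes=15) # circle turns red at 15 minutes or longer

# Syslog facility names per RFC 5424, used to decode the PRI header.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]


@dataclass(frozen=True)
class Observation:
    device: str
    proto: str        # "UDP" or "TCP" as seen in the capture
    dst_port: int
    last_log: datetime


def transport_kind(proto, dst_port):
    """Classify what the capture shows. Anything that is neither UDP/514 nor
    TCP/6514 is reported as 'unknown' rather than guessed (assumption)."""
    proto = proto.upper()
    if proto == "UDP" and dst_port == PLAIN_UDP_PORT:
        return "plain-udp"
    if proto == "TCP" and dst_port == SECURE_TLS_PORT:
        return "tls"
    return "unknown"


def expected_indicator(obs, now):
    """Return (colour, lock): green if a log arrived less than 15 minutes ago,
    red at 15 minutes or longer; the lock only appears for the TLS transport."""
    age = now - obs.last_log
    colour = "red" if age >= STALE_AFTER else "green"
    lock = transport_kind(obs.proto, obs.dst_port) == "tls"
    return colour, lock


def summarise(observations, now):
    return {o.device: expected_indicator(o, now) for o in observations}


def parse_pri(payload):
    """Decode the <PRI> prefix of a plaintext syslog message into
    (facility name, severity number). Raises ValueError on malformed input."""
    if not payload.startswith("<") or ">" not in payload:
        raise ValueError("no PRI header")
    pri = int(payload[1:payload.index(">")])
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    return FACILITIES[facility], severity


# Constructed sample modelled on the thread's capture (UDP/514) plus contrasts.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Observation("fw-A", "UDP", 514, NOW - timedelta(minutes=2)),    # green, no lock
    Observation("fw-B", "TCP", 6514, NOW - timedelta(minutes=2)),   # green, lock
    Observation("fw-C", "UDP", 514, NOW - timedelta(minutes=15)),   # red, no lock (boundary)
    Observation("fw-D", "TCP", 6514, NOW - timedelta(minutes=40)),  # red, lock
]
# Constructed plaintext payload as it would appear in a UDP/514 capture.
SAMPLE_PAYLOAD = "<134>Jan  1 12:00:00 fw-A date=2024-01-01 logid=0000000013 type=traffic"

if __name__ == "__main__":
    for dev, (colour, lock) in summarise(SAMPLE, NOW).items():
        print(f"{dev}: {colour}{' + lock' if lock else ''}")
    print("readable on the wire:", parse_pri(SAMPLE_PAYLOAD))
```

The boundary case fw-C is deliberate: at exactly 15 minutes the documented rule says "15 minutes or longer", so the comparison is `>=`, not `>`. The PRI decode is there to make the thread's point concrete: on UDP/514 the facility, severity and the whole FortiGate log line are visible to anything capturing the segment, which is what the missing lock icon represents.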
Community vote distribution
A (35%)
C (25%)
B (20%)
Other