FCP_FAZ_AN-7.6 Questions Bank

Comprehensive and Detailed Explanation From Exact Extract of knowledge of FortiAnalyzer 7.6 Study guide documents:

B is true (members operate in analyzer mode, not collector mode):The study guide defines Fabric members as FortiAnalyzer devices that “retain access to the features described in the FortiAnalyzer Administration Guide” and that “each member can create or raise incidents and events.” In contrast, it states that a FortiAnalyzer operating incollector mode“does not provide capabilities for event management or reporting,” and also notes that “in collector mode, the GUI doesn’t include FortiView, Reports, or Incidents & Events.” Since Fabric members must be able to generate/manage incidents and events, they must be operating with analyzer capabilities rather than collector-only functionality.

C is true (members do not forward their logs to the supervisor):The supervisor provides centralized visibility, but the study guide describes the supervisor’s log access asviewing logs collected on members, not receiving/storing forwarded log files. It states: “In the FortiAnalyzer Fabric supervisor, Log View displays logs collected on all FortiAnalyzer Fabric members,” and clarifies “the logs contain the same information as displayed in the host FortiAnalyzer device they were collected on.” This indicates the logs remain on the member (host) and are made visible to the supervisor for centralized monitoring rather than being forwarded and stored on the supervisor.

For completeness, the study guide also explicitly states“HA is not available on the supervisor”(so A is false) andmembers do not need the same time zone as the supervisor(so D is false).