Refer to the exhibit. The capture displayed was taken on a FortiAnalyzer. Why is a single IP address shown as the source for all logs received? (Choose one answer)

A. FortiAnalyzer is using the device MAC addresses to differentiate their logs.
B. The logs belong to devices that are part of a high availability (HA) cluster.
C. FortiAnalyzer is receiving logs from the root FortiGate of a Security Fabric.
D. The device sending logs has two VDOMs in the same ADOM.

Correct Answer: B

Brave-Dump Clients Votes

C 100%

Comments

Support 2025-09-10 14:59:37

Selected Answers: C

Both answers are technically possible. The correct choice depends on the specific setup:
If you know that an HA cluster is being used → B is probably correct.
If you know that a security fabric with centralized log forwarding is active → C is probably correct.