What type of logs are moved to the new ADOM when a device is transferred?

When a device is transferred to a new ADOM (administrative domain) in FortiAnalyzer, the type of logs that are moved are archive (compressed) logs only. This refers to the logs that have already been compressed for storage efficiency and are not actively being used for current reporting or analysis.

The rationale behind this is tied to the operational design of FortiAnalyzer, where only archived data is carried over to avoid complications with real-time logging and reporting in the new ADOM. This design helps maintain a clean slate for the new ADOM while allowing historical data that has been archived to remain accessible.

Active logs, which include event logs and analytic logs, are typically not moved during the transfer process. Keeping these logs in their original ADOM ensures that ongoing analyses and reports associated with them are unaffected, allowing for continuity in log management and reporting related to the original device setup. Therefore, only the archive logs, having already been processed, are transferred, making option C the accurate choice.