Exam FCSS_EFW_AD-7.4 topic 1 question 18 discussion

Actual exam question from Fortinet's FCSS_EFW_AD-7.4

Question #: 18
Topic #: 1

Refer to the exhibit, which shows a physical topology and a traffic log.

The administrator is checking on FortiAnalyzer traffic from the device with IP address 10.1.10.1, located behind the FortiGate ISFW device.
The firewall policy in on the ISFW device does not have UTM enabled and the administrator is surprised to see a log with the action Malware, as shown in the exhibit.
What are the two reasons FortiAnalyzer would display this log? (Choose two.)

A. Security rating is enabled in ISFW.
B. ISFW is in a Security Fabric environment.
C. ISFW is not connected to FortiAnalyzer and must go through NGFW-1.
D. The firewall policy in NGFW-1 has UTM enabled.

Show Suggested Answer

Suggested Answer: BD 🗳️

Community vote distribution

BD (100%)

by Tweefo at March 26, 2025, 3:05 p.m.

Comments

Submit Cancel

Yaghu

1 week ago

Selected Answer: BD

Seems obvious.

upvoted 1 times

...

Tweefo

1 week, 1 day ago

Selected Answer: BD

B & D are correct. B : The Security Fabric, as a whole, logs each session once. The first FortiGate that handles a session in the Security Fabric logs the session. Any upstream FortiGate... still logs UTM events, if configured. D : NGFW applies UTM and generates UTM logs Source : Study Guide P257-259

upvoted 1 times

...

Exam FCSS_EFW_AD-7.4 All Questions

View all questions & answers for the FCSS_EFW_AD-7.4 exam

Exam FCSS_EFW_AD-7.4 topic 1 question 18 discussion

Comments

Yaghu

Tweefo

PMP