
Question 34 - FCP_FAZ_AN-7.4 discussion

Refer to Exhibit:

Client-1 is trying to access the internet for web browsing.

All FortiGate devices in the topology are part of a Security Fabric with logging to FortiAnalyzer configured. All firewall policies have logging enabled. All web filter profiles are configured to log only violations.

Which statement about the logging behavior for this specific traffic flow is true?

A. Only FGT-B will create traffic logs.

B. FGT-B will see the MAC address of FGT-A as the destination and notify FGT-A to log this flow.

C. FGT-B will create traffic logs and will create web filter logs if it detects a violation.

D. Only FGT-A will create web filter logs if it detects a violation.

Suggested answer: C

Explanation:

The topology shows a Security Fabric setup involving FortiGate devices (FGT-A and FGT-B) and a FortiAnalyzer for centralized logging. Let's break down the logging and traffic flow behavior:

Traffic Flow Analysis:

Client-1 initiates web traffic directed to the internet, which is routed through FGT-B and then FGT-A before reaching the internet. This is indicated by the direction of the red-dashed arrow from Client-1 through FGT-B to FGT-A.

Policy and NAT Settings:

On FGT-B, NAT is disabled, meaning it will pass the traffic through without altering the source IP. This device has a Web Filter enabled with a policy to log violations only.

On FGT-A, NAT is enabled, and a Web Filter profile is also applied. Like FGT-B, it logs only violations for web filtering.

Logging Behavior:

Since both FortiGate devices have logging enabled for traffic and web filtering, they can create logs if conditions are met.

FGT-B will log all traffic, as per its configuration, and will also create web filter logs if it detects a violation, as the web filter profile is applied. Because NAT is disabled on FGT-B, it processes the traffic but doesn't perform any address translation, allowing it to see the original source IP of Client-1.

FGT-A, as the Security Fabric root, will handle NAT and forward the traffic to the internet. However, in this case, the question is focused on where the traffic and web filter logs would be generated first, particularly by FGT-B.

Option Analysis:

Option A - Only FGT-B will create traffic logs: This is incorrect because FGT-B can create both traffic logs and web filter logs if it detects a violation.

Option B - FGT-B will see the MAC address of FGT-A and notify FGT-A to log: This is not how logging works in this setup. Each FortiGate logs independently based on configured policies.

Option C - FGT-B will create traffic logs and will create web filter logs if it detects a violation: This is correct, as FGT-B has logging enabled and will log traffic and web filter violations.

Option D - Only FGT-A will create web filter logs if it detects a violation: This is incorrect, as FGT-B can also log web filter violations independently.

Conclusion:

Correct Answer: C. FGT-B will create traffic logs and will create web filter logs if it detects a violation.

FGT-B is responsible for logging the traffic from Client-1 and will generate web filter logs if there is a policy violation, as configured.

Reference: FortiOS 7.4.1 documentation on Security Fabric logging behavior and FortiAnalyzer log integration.

asked 27/11/2024
Devon Marsham