Exam FCP_FAZ_AN-7.6 Topic 2 Question 72 Discussion
Actual exam question for Fortinet's FCP_FAZ_AN-7.6 exam
Question #: 72
Topic #: 2
Question #: 72
Topic #: 2
Refer to Exhibit:
Client-1 is trying to access the internet for web browsing.
All FortiGate devices in the topology are part of a Security Fabric with logging to FortiAnalyzer configured.
All firewall policies have logging enabled. All web filter profiles are configured to log only violations.
Which statement about the logging behavior for this specific traffic flow is true?
Client-1 is trying to access the internet for web browsing.
All FortiGate devices in the topology are part of a Security Fabric with logging to FortiAnalyzer configured.
All firewall policies have logging enabled. All web filter profiles are configured to log only violations.
Which statement about the logging behavior for this specific traffic flow is true?
Suggested Answer: D Vote an answer
The study guide explains that in a Security Fabric, traffic logging is not duplicated across FortiGates for the same session: "Traffic logging for a session ... is always carried out by the first FortiGate that handled it" and if a FortiGate receives traffic from a peer FortiGate MAC, "it does not generate a new traffic log for that session." For UTM (web filtering) logs, the study guide states: "When configured, upstream devices complete UTM logging." In the illustrated example, it further clarifies the role split: "All traffic from Client-1 is first received by FGT-B, which creates traffic logs for the initial session... [then] forwarded to FGT-A... [and] FGT-A
... applies web filtering ... and generates the relevant UTM logs as necessary." Because web filter profiles are configured to log only violations, web filter (UTM) logs will be generated only when a violation is detected-and per the study guide behavior, that UTM logging is done by the upstream FortiGate (FGT-A). Therefore, only FGT-A will create web filter logs if it detects a violation (Option D).
... applies web filtering ... and generates the relevant UTM logs as necessary." Because web filter profiles are configured to log only violations, web filter (UTM) logs will be generated only when a violation is detected-and per the study guide behavior, that UTM logging is done by the upstream FortiGate (FGT-A). Therefore, only FGT-A will create web filter logs if it detects a violation (Option D).
by Nathaniel at Jun 25, 2026, 12:40 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).