Refer to the exhibit, which shows a physical topology and a traffic log. The administrator is checking on FortiAnalyzer traffic from the device with IP address 10.1.10.1, located behind the FortiGate ISFW device. The firewall policy in on the ISFW device does not have UTM enabled, and the administrator is surprised to see a log with the action Malware, as shown in the exhibit. What are the two reasons FortiAnalyzer would display this log? (Choose two answers)

A. Security rating is enabled in ISFW.
B. ISFW is in a Security Fabric environment.
C. ISFW is not connected to FortiAnalyzer and must go through NGFW-1.
D. The firewall policy in NGFW-1 has UTM enabled.

Correct Answer: B,D

Brave-Dump Clients Votes

BD 100%

Comments

Brave-Dumps Admin 2025-04-27 10:48:10

Selected Answers: B, D

B & D is correct
EFW 7.4 study guide page 258 confirms that,

Use Case 1: Security Fabric Logging on FortiAnalyzer
• The first FortiGate that handles a session in the Security Fabric logs the session
• Any upstream FortiGate that is a member of the Security Fabric does not create duplicate traffic logs for
sessions coming from another member's MAC address with the following exceptions:
• If an upstream FortiGate performs NAT, FortiGate generates another log on that device
• Upstream FortiGate devices still log UTM events, if configured