Question
You have enabled logging on a FortiGate device for event logs and all security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior when the local disk is full?
A. No new log is recorded after the warning is issued when log disk use reaches the threshold of 95%.
B. No new log is recorded until you manually clear logs from the local disk.
C. Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%.
D. Logs are overwritten and the only warning is issued when log disk use reaches the threshold of 95%.
Answer
D. Logs are overwritten and the only warning is issued when log disk use reaches the threshold of 95%.
Explanation
The correct answer is D. Logs are overwritten and the only warning is issued when log disk use reaches the threshold of 95%.
According to the FortiGate CLI Reference, the default behavior of logging to the local disk is as follows:
- When the log disk usage reaches 75%, the FortiGate unit sends a warning message to the console and to the syslog server (if configured).
- When the log disk usage reaches 95%, the FortiGate unit sends another warning message and stops logging new messages. The FortiGate unit will resume logging when the log disk usage drops below 95%.
- When the log disk usage reaches 100%, the FortiGate unit overwrites the oldest log files with new ones. The FortiGate unit does not send any warning message for this action.
Therefore, option D is the only one that matches this description. Option A is incorrect because the FortiGate unit will overwrite the logs when the disk is full, not stop logging. Option B is incorrect because the FortiGate unit does not require manual intervention to clear logs from the local disk. Option C is incorrect because the first warning is issued at 75%, not 95%.
Reference
- Configuring logging to the FortiGate local hard di… – Fortinet Community
- Technical Tip: How to configure logging in disk us… – Fortinet Community
- Technical Tip: How to configure logging in memory … – Fortinet Community
- Configuring local log settings (fortinet.com)
Fortinet NSE 4 – FortiOS 7.2 NSE4_FGT-7.2 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free and helpful for passing the Fortinet NSE 4 – FortiOS 7.2 NSE4_FGT-7.2 exam and earning the Fortinet NSE 4 – FortiOS 7.2 NSE4_FGT-7.2 certification.