Question 16 - Fortinet FCP_FAZ_AD-7.4 Real Exam Questions [Jan 2026 Update]

Q: 16

You finished registering a FortiGate device. After traffic starts to flow through FortiGate, you notice that only some of the logs expected are being received on FortiAnalyzer. What could be the reason for the logs not arriving on FortiAnalyzer?

Options

Correct Answer:

Explanation

The most direct and common reason for receiving only a subset of expected logs from a FortiGate is an incomplete logging configuration on the FortiGate itself. FortiOS provides granular control over logging. An administrator must explicitly enable logging for individual firewall policies, security profiles (such as Antivirus, Web Filter, and IPS), and various system events. If logging is enabled for some policies or events but not others, FortiAnalyzer will only receive the logs that were configured to be sent, resulting in a partial log set.

Why Incorrect

A. FortiGate was added to the wrong ADOM type. An incorrect ADOM type primarily affects management capabilities and the availability of specific features in the FortiAnalyzer GUI, not the fundamental transport of logs from the FortiGate.

B. This FortiGate model is not fully supported. If a model were unsupported, it would likely fail to register correctly or send any logs at all, rather than sending only some logs.

D. This FortiGate is part of an HA cluster but it is the secondary device. While a secondary HA unit only sends its own system logs and not traffic logs, the question implies an expectation of logs from traffic flow. The root cause for missing expected traffic logs from the cluster as a whole would still be a configuration issue on the primary unit (Option C).

References

1. FortiOS 7.4 Administration Guide: In the "Firewall policies" section

it is detailed that for each policy

an administrator must enable the "Log Violation Traffic" option to record logs for traffic handled by that policy. This demonstrates the need for explicit configuration. (Reference: FortiOS Administration Guide 7.4

Chapter: "Firewall"

Section: "Firewall policies").

2. FortiAnalyzer 7.4.2 Administration Guide: The troubleshooting section lists "The logging device is not configured to send logs to the FortiAnalyzer unit" as a primary reason for not receiving logs. This directly supports the idea that the source device's configuration is a critical factor. (Reference: FortiAnalyzer Administration Guide 7.4.2

Chapter: "Troubleshooting"

Section: "Logs are not being received from a registered device").

3. FortiOS 7.4 High Availability Guide: The "HA logging" section explains that in an active-passive cluster

the primary unit is responsible for sending traffic logs. The secondary unit only sends logs about its own operation. This confirms that a configuration issue on the primary unit (Option C) would be the reason for missing traffic logs from the cluster. (Reference: FortiOS High Availability Guide 7.4

Chapter: "Introduction to HA"

Section: "HA logging").

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE