FCSS – SOC Analyst 7.4 — Question 12
While monitoring your network, you discover that one FortiGate device is sending significantly more logs to FortiAnalyzer than all of the other FortiGate devices in the topology.
Additionally, the ADOM that the FortiGate devices are registered to consistently exceeds its quota.
What are two possible solutions? (Choose two.)
Answer options
- A. Reconfigure the first FortiGate device to reduce the number of logs it forwards to FortiAnalyzer.
- B. Increase the storage space quota for the first FortiGate device.
- C. Configure data selectors to filter the data sent by the first FortiGate device.
- D. Create a separate ADOM for the first FortiGate device and configure a different set of storage policies.
Correct answer: A, D
Explanation
Option A is correct because reconfiguring the FortiGate device to send fewer logs reduces log volume at the source and helps keep the ADOM within its quota. Option D is also correct because creating a separate ADOM for that device allows storage policies tailored to it, so its log volume no longer counts against the quota shared with the other devices. Options B and C do not directly address the issue of excessive log volume: increasing storage does not solve the underlying problem, and filtering might not be sufficient if the initial log volume is too high.