NSE 4 – FortiGate 7.2 — Question 72

You have enabled logging on a FortiGate device for event logs and all security logs, and you have set up logging to use the FortiGate local disk.

What is the default behavior when the local disk is full?

Answer options

• A. No new log is recorded after the warning is issued when log disk use reaches the threshold of 95%.
• B. No new log is recorded until you manually clear logs from the local disk.
• C. Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%.
• D. Logs are overwritten and the only warning is issued when log disk use reaches the threshold of 95%.

Correct answer: C

Explanation

The correct answer is C because when the local disk is full, FortiGate will start overwriting older logs after issuing a warning at the 75% usage threshold. Options A and B are incorrect as they do not reflect the overwrite behavior of the logging system, and D is incorrect because it states that the only warning occurs at 95%, which is not the case.