NSE 4 – FortiGate 7.0 — Question 70

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

Answer options

• A. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.
• B. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.
• C. No new log is recorded until you manually clear logs from the local disk.
• D. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

Correct answer: D

Explanation

The correct answer is D because when the local disk is full, FortiGate starts overwriting old logs to make space for new ones after issuing a warning at 75% usage. Option A is incorrect because it suggests logging stops entirely at 95%, while option B states that logging continues until 95% without overwriting, which is not true. Option C is also wrong as it implies manual intervention is required before logging can continue, contrary to the device's default behavior.