Exam FCSS_EFW_AD-7.6 Topic 4 Question 64 Discussion
Actual exam question for Fortinet's FCSS_EFW_AD-7.6 exam
Question #: 64
Topic #: 4
Refer to the exhibit, which shows a physical topology and a traffic log.

The administrator is checking on FortiAnalyzer traffic from the device with IP address 10.1.10.1, located behind the FortiGate ISFW device.
The firewall policy on the ISFW device does not have UTM enabled, and the administrator is surprised to see a log with the action Malware, as shown in the exhibit.
What are the two reasons FortiAnalyzer would display this log? (Choose two.)
Suggested Answer: B,D
From the exhibit, ISFW is part of a Security Fabric environment with NGFW-1 as the Fabric Root. In this architecture, FortiGate devices share security intelligence, including logs and detected threats.
ISFW is in a Security Fabric environment:
* Security Fabric allows devices like ISFW to receive threat intelligence from NGFW-1, even if UTM is not enabled locally.
* If NGFW-1 detects malware from IP 10.1.10.1 to 89.238.73.97, this information can be propagated to ISFW and FortiAnalyzer.
The firewall policy in NGFW-1 has UTM enabled:
* Even though ISFW does not have UTM enabled, NGFW-1 (which sits between ISFW and the external network) does have UTM enabled and is scanning traffic.
* Since NGFW-1 detects malware in the session, it logs the event, which is then sent to FortiAnalyzer.
by Arlen at Jun 23, 2026, 11:41 AM