As you can see from the parameters in the log view:
1. "vd=root", which means the VDOM is root.
2. "type=utm", which means a security log event.
So, B & C are the correct answers.
B and C are correct: if you pay attention to the security log web filter, you can enable the UTM log, but if you set the firewall policy as accepting, the logs will continue to be blocked, which means answer A is not correct: https://docs.fortinet.com/document/fortigate/7.0.1/administration-guide/986892/sample-logs-by-log-type (almost in the middle you'll see web filter logs).
I was confused by this question as well. I thought A, B and C would all be obviously correct. Action is blocked, vd is root and type is utm according to the log.
The tricky part is the last part of answer A, though. :-) The action in the firewall policy cannot be set to "DENY" because the subtype here is "webfilter" and a webfilter does not have an action "DENY", it only has the action "BLOCK".
Perhaps I'm wrong, but if you are working in policy-based mode (not profile), you apply the category directly on the policy, and the only actions are accept or deny. See FortiGate_Security_6.4_Study page 375. Besides this, there is a part in the log where it says profile=default, which makes me think that the working mode is profile-based instead of policy-based. In such a case I agree with you, the answer should be B, C.
I think it's A and B
If you see the log, it clearly says action = blocked and the message (msg) says "URL belongs to a denied category in a policy".
I did the practice and when I put blocked in the action in category it returns the same log.
Also, are we sure that UTM is a security log?
You can do the practice by going to web filter, blocking some category and trying to enter. Then you must execute in the CLI "execute log filter category 3" and "execute log display"; you will see the same message in the log.
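Added example, not part of any comment above and not Fortinet's code: a small Python parser that pulls the fields this thread argues over (vd, type, subtype, action, profile, msg) out of a key=value log line. Both sample lines are constructed, and the date and time fields in them are assumptions.

```python
import re

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
KV = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# Constructed sample lines (not taken from the exam question or a real device).
SAMPLE_QUOTED = ('date=2024-01-01 time=12:00:00 type="utm" subtype="webfilter" '
                 'vd="root" profile="default" action="blocked" '
                 'msg="URL belongs to a denied category in a policy"')
SAMPLE_BARE = 'date=2024-01-01 time=12:00:05 type=traffic subtype=forward vd=root action=accept'


def parse_kv(line):
    """Return a dict of the key=value fields in one log line."""
    fields = {}
    for m in KV.finditer(line):
        key, quoted, bare = m.groups()
        # Quoted values keep their inner spaces; bare values end at whitespace.
        fields[key] = quoted if quoted is not None else bare
    return fields


def summarize(line):
    """Extract the fields the discussion above relies on."""
    f = parse_kv(line)
    return {
        "vdom": f.get("vd"),                         # "vd=root" -> VDOM name
        "is_security_log": f.get("type") == "utm",   # type=utm -> security (UTM) log
        "utm_feature": f.get("subtype"),             # e.g. webfilter
        "profile": f.get("profile"),                 # security profile, if logged
        "action": f.get("action"),                   # action recorded in this log entry
        "msg": f.get("msg"),
    }


if __name__ == "__main__":
    for line in (SAMPLE_QUOTED, SAMPLE_BARE):
        print(summarize(line))
```

The action value printed here is the one recorded in the log entry itself; the parser makes no claim about how the firewall policy is configured.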
Djohan23 - Highly Voted, 4 years ago
Melvin91 - Most Recent, 2 years, 6 months ago
ariel_df - 2 years, 5 months ago
ChuckC - 2 years, 9 months ago
juanK1982 - 3 years ago
SandroAlex - 3 years, 1 month ago
mario156090 - 3 years, 2 months ago
forti_Ctes - 3 years, 7 months ago
franger - 3 years, 8 months ago
FortiSherlock - 3 years, 9 months ago
2021gene - 3 years, 8 months ago
wamendoza - 3 years, 9 months ago
Bluegrass168 - 3 years, 11 months ago
davidone - 4 years ago
FeNadege - 4 years, 1 month ago