It doesn't say it's required encrypt the traffic, the B says, if you want to encrypt it, you have to enable reliable logging. So the correct answer is B, not D.
Reliable logging changes the log transport delivery from UDP to TCP. Then, only if you are using Reliable logging, you can do encryption.
NSE 4 training 7.2 training material: Fortigate Security: 05.Logging and Monitoring: Page 22, Reliable logging and OFTPs
Correct. Relaible Logging changes delivery method from UDP to TCP as TCP provides relaible data transfer gauranteeing that the transfered data remains intact and arrives in the same order in which it was sent.
A. Reliable logging is enabled by default in all configuration scenarios.
Incorrect: Reliable logging is not enabled by default; it must be manually configured via the CLI.
B. Reliable logging is required to encrypt the transmission of logs.
Incorrect: Reliable logging ensures reliable delivery, but encryption is handled separately (e.g., using TLS).
D. Reliable logging prevents the loss of logs when the local disk is full.
Incorrect: Reliable logging helps prevent log loss during connectivity issues with the log server, not when the local disk is full.
OK let's go to the root.
It's true reliable logging can encrypt the logs, it's true it changes the delivery method, but all this are just features.
The main reason to use reliable logging is prevents lost logs
When reliable mode is enabled:
-Logs are cached in a FortiOS memory queue.
-FortiOS sends logs to FortiAnalyzer, and FortiAnalyzer uses seq_no to track received logs.
-After FortiOS sends logs to FortiAnalyzer, logs are moved to a confirm queue in FortiOS.
-FortiOS periodically queries FortiAnalyzer for the latest seq_no of the last log received, and clears logs from the confirm queue up to the seq_no.
-If the connection between FortiOS and FortiAnalyzer is disrupted, FortiOS resends the logs in the confirm queue to FortiAnalyzer when the connection is reestablished.
C. Reliable logging can be configured only using the CLI.
This option correctly describes the use of reliable logging in FortiGate, as this feature is configured exclusively through the FortiGate command-line interface (CLI).
If you enable logging to FortiAnalyzer using the GUI, reliable logging is automatically enabled. FortiGate Securty 7.2 Study Guide p.191. So, B is the correct answer.
D. Reliable logging prevents the loss of logs when the local disk is full.
This statement is correct. Reliable logging on FortiGate ensures that log entries are not lost even when the local storage (disk) is full. It achieves this by using methods like log rate limiting or sending logs to external syslog servers to free up local disk space.
Answer B: The FortiProxy unit implements the RAW profile of RFC 3195 for reliable delivery of log messages. Reliable syslog protects log information through authentication and data encryption and ensures that the log messages are reliably delivered in the correct order. This feature is disabled by default.
https://help.fortinet.com/fortiproxy/10/Content/Admin%20Guides/FPX-AdminGuide/1100_Logging/1101_Log-settings.htm
D
D. Reliable logging prevents the loss of logs when the local disk is full.
Reliable logging ensures that logs are not lost even when the local disk is full by utilizing a secondary logging destination, such as a FortiAnalyzer or syslog server. This redundancy helps maintain a record of events even in situations where the local storage capacity is exceeded.
Answer is B: Security Guide says: "Optionally, if using reliable logging, you can encrypt communications using SSL-encrypted OFTP traffic, so when a log message is generated, it is safely transmitted across an unsecure network."
I have been reading that the reliable logging is used when a) you need encryption b) the connection to the FAZ is disrupted. Is there a link where it states that it is also used when the disk is full?
guys, how most of you can say that the correct answer is B. What's the reliable of the document you shared named "NSE4 - Security Training 7.2 - Study Guide" on a web site... Please have a look at the link for this answer: https://docs.fortinet.com/document/fortigate/7.2.0/new-features/942202/improve-fortianalyzer-log-caching
my only goal is to find the correct answer. please share your feedback
Reliable logging on FortiGate is used to prevent the loss of logs when the connection between FortiOS and FortiAnalyzer is disrupted. When reliable mode is enabled, logs are cached in a FortiOS memory queue. FortiOS sends logs to FortiAnalyzer, and FortiAnalyzer uses seq_no to track received logs.
Therefore, the correct answer is:
D. Reliable logging prevents the loss of logs when the local disk is full.
Please note that this information is based on the FortiGate documentation and the actual behavior might vary depending on the specific configuration and version of your FortiGate device. If you have further questions, it’s recommended to refer to the official FortiGate documentation or contact Fortinet support.
Reliable logging to FortiAnalyzer prevents lost logs when the connection between FortiOS and FortiAnalyzer is disrupted. When reliable mode is enabled:
Logs are cached in a FortiOS memory queue.
FortiOS sends logs to FortiAnalyzer, and FortiAnalyzer uses seq_no to track received logs.
After FortiOS sends logs to FortiAnalyzer, logs are moved to a confirm queue in FortiOS.
FortiOS periodically queries FortiAnalyzer for the latest seq_no of the last log received, and clears logs from the confirm queue up to the seq_no.
If the connection between FortiOS and FortiAnalyzer is disrupted, FortiOS resends the logs in the confirm queue to FortiAnalyzer when the connection is reestablished.
I think it´s neither B nor D but C, because afaik you are only able to configure reliable logging from cli. D says, that reliable logging ensures that logs are not lost if the disk is full. But reliable logging is related to transport logs to remote FortiAnalyzer or a Syslog server with transport reliability (tcp not udp), and optionally encrypted.
I can´t find it in WebUI but always a decription via cli:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-reliable-delivery-of-syslog-messages-from/ta-p/193012
https://docs.fortinet.com/document/fortianalyzer/7.2.0/new-features/594699/log-caching-enhancement
I agree. I just logged in to a FG and issued show full-confiugraion under fortianalyzer setting and I get "set reliable disable" it means by default this feature is not active, also not available on GUI.
Besides, encryption could happen even if it sends udp.
C is the correct answer.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
RCouto
Highly Voted 2 years, 2 months agoMoe1416
2 years agodarkdante24
1 year, 3 months agoDSB2022
9 months, 1 week agoleadac
Highly Voted 2 years, 3 months agoChinkSantana
2 years, 2 months agoBapo
Most Recent 2 weeks, 5 days agoAPUK
4 months, 1 week agodavidmdlp85
5 months, 2 weeks agoSoulader
8 months, 2 weeks agomasterofspeed
9 months, 3 weeks agoPurpleRain28
9 months, 3 weeks agolffmuc
10 months agoRedrum702
12 months agoMqbx
1 year agoGopiChandMurari
1 year agoedwsi
1 year agoAngegardien
1 year, 1 month agoemretopal
1 year, 2 months agoUmbrella2000
1 year, 3 months agoCCWINT
1 year, 1 month agochupapi_001
1 year, 3 months agoArtbrut
1 year, 3 months agoImanism
1 year, 3 months ago