Refer to the exhibits, which show the firewall policy and an antivirus profile configuration. Why is the user unable to receive a block replacement message when downloading an infected file for the first time?
A. The intrusion prevention security profile must be enabled when using flow-based inspection mode.
B. The option to send files to FortiSandbox for inspection is enabled.
C. The firewall policy performs a full content inspection on the file.
D. Flow-based inspection is used, which resets the last packet to the user.
D is correct
In Flow Based scanning, if a virus is detected, the final packet is dropped, making the file unusable to the end user. FG caches the URL of the file. If the user attempts to download again, rather than scanning the file again, the IPS engine then sends a block message to the user.
Correct Answer: D. Flow-based inspection is used, which resets the last packet to the user.
Reference: FCP - FortiGate 7.4 Administrator Self-Paced Guide, page 200.