exam questions

Exam FCP_FGT_AD-7.4 All Questions

View all questions & answers for the FCP_FGT_AD-7.4 exam

Exam FCP_FGT_AD-7.4 topic 1 question 30 discussion

Actual exam question from Fortinet's FCP_FGT_AD-7.4
Question #: 30
Topic #: 1
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibit.

Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.
What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

  • A. Traffic matching the signature will be allowed and logged.
  • B. The signature setting uses a custom rating threshold.
  • C. The signature setting includes a group of other signatures.
  • D. Traffic matching the signature will be silently dropped and logged.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
mirko1976
4 days, 5 hours ago
Selected Answer: A
Why D ? This slide from Fortinet Training Institute confirms exactly how IPS Actions behave: Allow → lets traffic through, no blocking. Monitor → lets traffic through but logs the activity. Block → silently drops traffic matching the signature(s). Reset → sends a TCP RST packet to tear down the session. Default → uses the FortiGuard-recommended action for that signature. Quarantine → temporarily blocks the attacker’s IP for a configurable time. Packet logging → saves a copy of the packet for analysis. Relating this to your earlier question about the FTP.Login.Failed signature: Since the signature’s Action is set to Pass/Allow in the IPS profile you showed, the traffic will be allowed and, because packet logging is enabled, it will be logged. So the correct conclusion remains: A. Traffic matching the signature will be allowed and logged.
upvoted 1 times
...
truserud
6 months ago
Selected Answer: D
See page 245 in the Study guide. Action set to block, is the action the IPS Filter will take for the IPS signatures added in the list. "Select Block to silently drop traffic matching any of the signatures included in the entry".
upvoted 2 times
...
sxcap
8 months, 1 week ago
Selected Answer: D
If you want to let the IPS profile to allow the login.fail, you MUST set it on "excempt" so the IPS will stop the rule order)
upvoted 1 times
...
vuhidus
9 months ago
Selected Answer: D
D correct
upvoted 1 times
...
JRKhan
9 months, 1 week ago
Selected Answer: D
D is correct. The action is set to Block at the top of the configuration setting. If it was set to default then the default action underneath for each signature will apply.
upvoted 3 times
...
s4mu3l007
9 months, 3 weeks ago
the ans is D
upvoted 1 times
...
dumpz
10 months, 3 weeks ago
answer it's A.. FTP.login.failed it's in action pass
upvoted 1 times
...
miguelmagr
10 months, 3 weeks ago
Selected Answer: D
I got confused with the IPS Signature Action "Pass". I see Rate-based setting is set to "Default". After many loging fail I guess that action is going to be logged as an action "blocked" when exceed the amount of retries. Am I wrong?
upvoted 1 times
...
youla5
10 months, 3 weeks ago
The answer is D.
upvoted 1 times
...
GopiChandMurari
11 months, 1 week ago
Shouldn't this be A?
upvoted 1 times
refrain8767
2 months, 1 week ago
I was torn between A and D too. The "Pass" shown on the signature is the default action for that signature. The drop-down menu that shows "Block" in the screenshot has "Default as one of its other options. If "Default" is selected, (I'm pretty sure) it defers to the signature's default action. if anything else is selected, it overrides the action shown next ot the signature. Page 240 talks about default signatures.
upvoted 1 times
...
Knocks
11 months, 1 week ago
Nope, the action in the signature list is block (top of the screenshot). It would be A if the action was default or allow, but the action of all the signatures that will be added to this list is going to be block.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...