B & D is correct, refer to FortiGate 7.4 Study Guide p. 460. It does not accept config changes, because it might increase memory usage even further. It explicitly does NOT run any quarantine actions. You can configure IPS fail-open to control how IPS behaves when the IPS socket buffer is full.
A. FortiGate halts complete system operation and requires a reboot to regain available resources [WRONG]
It prevents to overload the firewall.
B. FortiGate refuses to accept configuration changes [CORRECT]
"FortiGate does not accept configuration changes, because they might increase memory usage."
C. FortiGate continues to run critical security actions, such as quarantine. [WRONG]
"FortiGate does not run any quarantine action, including forwarding suspicious files to FortiSandbox."
D. FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled [CORRECT]
"You can configure the fail-open setting under config ips global to control how the IPS engine behaves when the IPS socket buffer is full."
Referece: FortiGate 7.4 Administrator Study Guide, page 460
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
066c9f3
Highly Voted 6 months, 1 week agofa7474b
Highly Voted 6 months, 1 week agoherlock_sholmes_2810
Most Recent 3 months, 2 weeks agovuhidus
5 months, 3 weeks agod1e8e96
6 months agoCharlieS8
6 months, 1 week agodfd68e5
6 months, 1 week ago