ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_NST-7.2 All Questions

View all questions & answers for the NSE7_NST-7.2 exam
Go to Exam

Exam NSE7_NST-7.2 topic 1 question 3 discussion

Actual exam question from Fortinet's NSE7_NST-7.2
Question #: 3
Topic #: 1
[All NSE7_NST-7.2 Questions]

Refer to the exhibit, which contains the output of a debug command.

If the default settings are in place, what can you conclude about the conserve mode shown in the exhibit?

  • A. FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.
  • B. FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use.
  • C. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.
  • D. FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by igr777 at Nov. 27, 2024, 2:25 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PabloSL
5 months, 1 week ago
Selected Answer: D
I believe it is actually D, because the default fail-open behavior for flow inspection which is configured under IPS settings is to drop all new sessions that require inspection. For proxy inspection mode new sessions are allowed with out inspection by default. So D is the correct behavior for each. https://docs.fortinet.com/document/fortigate/7.2.9/administration-guide/194558/conserve-mode
upvoted 2 times
...
evdw
5 months, 1 week ago
Selected Answer: C
• FortiGate does not accept configuration changes because they might increase memory usage. • FortiGate does not run any quarantine action, including forwarding suspicious files to FortiSandbox. • FortiGate applies the action defined in the av-failopen setting to any proxy-based inspected traffic off: All new sessions with content scanning enabled are not passed but FortiGate processes the current active sessions. pass (default): All new sessions pass without inspection until FortiGate switches back to non-conserve mode. one-shot: Similar to pass in that traffic passes without inspection. However, it will keep bypassing the antivirus proxy even after it leaves conserve mode.
upvoted 2 times
...
tuky88
5 months, 2 weeks ago
Selected Answer: C
Default setting conserve mode (Red): All new sessions pass without inspection until Fortigate switches back to non-conserve mode. However, if memory usage exceeds the extreme threshold, new sessions are always dropped regardless of the configuration. The exhibit shows the unit in Red threshold.
upvoted 3 times
...
mbe2024
6 months ago
Selected Answer: D
Fortigate only drop packets when Extreme Threshold is reached
upvoted 1 times
...
igr777
6 months ago
Selected Answer: C
Fortigate only drop packets when Extreme Threshold is reached, but new session that requires inspection are no performed
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel