ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.0 All Questions

View all questions & answers for the NSE4_FGT-6.0 exam
Go to Exam

Exam NSE4_FGT-6.0 topic 1 question 118 discussion

Actual exam question from Fortinet's NSE4_FGT-6.0
Question #: 118
Topic #: 1
[All NSE4_FGT-6.0 Questions]

Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

  • A. SMTP.Login.Brute.Force
  • B. IMAP.Login.brute.Force
  • C. ip_src_session
  • D. Location: server Protocol: SMTP
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by montonearm at March 4, 2020, 9:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jbernard
Highly Voted 5 years ago
B is correct, Anomalies can be zero-day or denial of service attack Are Detected by behaivoral analysis: Rate Based IPS Signatures DoS Policies Protocol Constraint Inspections Fortigate Security Guide, Page 518
upvoted 5 times
...
paridhi
Most Recent 4 years, 5 months ago
B Because DoS is disabled https://docs.fortinet.com/document/fortigate/6.0.0/handbook/486206/dos-protection Status The status field is enabled to enable the sensor for the associated anomaly.
upvoted 2 times
dragonwise
3 years, 10 months ago
Why not A since the IPS should detect the attack right away, while IMAP filter needs needs 60 hits during 10 second for IPS to consider the attack?
upvoted 3 times
...
...
henzoo
4 years, 6 months ago
C is correct. In FortiOS, the DoS scans precede the policy engine at the incoming interfaces, thus eliminating unnecessary sessions from the firewall process and state table entry during a surge of attack traffic. https://docs.fortinet.com/document/fortigate/6.0.0/Handbook/48143/intrusion-prevention-system-ips
upvoted 1 times
...
ramzie
4 years, 8 months ago
Answer is b
upvoted 1 times
...
Levis
5 years ago
C is defiately
upvoted 1 times
...
chameleon_eh
5 years ago
The anser is C. https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-firewall/Concepts - Firewall/DoS Protection.htm
upvoted 3 times
...
Aril
5 years, 3 months ago
Should be C. DOS policy check comes prior to UTM/NGFW policy check. Refer to Fortigate Life of Packet 6.0 docs
upvoted 3 times
xAyx
5 years ago
DoS policy disabled in this scenario
upvoted 12 times
...
...
montonearm
5 years, 3 months ago
C i think
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel