Refer to the exhibits. The exhibits show the IPS sensor and DoS policy configuration. When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?
I think A is right, because the DoS Policy will be processed before any other policy.
https://docs.fortinet.com/document/fortigate/6.2.0/parallel-path-processing-life-of-a-packet/86811/packet-flow-ingress-and-egress-fortigates-without-network-processor-offloading
The correct answer is A.
DoS scans are handled very early in the life of the packet to determine whether the traffic is valid or is part of a DoS attack.
A.
“When detecting attacks”, but it doesn't say what kind of attack, so the most possible first to trigger is anomaly, as ip_src_session in the exhibit.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
hkhan049
Highly Voted 4 years, 3 months agoccsa_ccse
Highly Voted 4 years, 1 month agoSebaAr22
Most Recent 4 years, 3 months agoDestaire
4 years, 3 months agoDestaire
4 years, 3 months agosogetsu
4 years, 3 months ago