ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.4 All Questions

View all questions & answers for the NSE4_FGT-6.4 exam
Go to Exam

Exam NSE4_FGT-6.4 topic 1 question 37 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4
Question #: 37
Topic #: 1
[All NSE4_FGT-6.4 Questions]

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

Exhibit A -


Exhibit B -

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

  • A. The volume of traffic being inspected is too high for this model of FortiGate.
  • B. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
  • C. The firewall policy performs the full content inspection on the file.
  • D. The flow-based inspection is used, which resets the last packet to the user.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Lionardo at April 12, 2021, 7:10 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Lionardo
Highly Voted 4 years ago
D is correct. FortiGate_Security_6.4 page 479 Key to rigt answer is "unable to receive a block replacement message when downloading an infected file for the first time"
upvoted 15 times
Cunawaro
3 years, 8 months ago
read carefully question final part "when downloading an infected file for the first time?"
upvoted 1 times
Cunawaro
3 years, 8 months ago
sorry this reply is not for u comment..
upvoted 1 times
...
...
...
Cunawaro
Highly Voted 3 years, 8 months ago
D its OK. FG-SG-6.4-P479. • "ONLY" If the virus is detected at the "START" of the connection, the IPS engine sends the block replacement message immediately • When a virus is detected on a TCP session (FIRST TIME), but where "SOME PACKETS" have been already forwarded to the receiver, FortiGate "resets the connection" and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can’t be opened. The IPS engine also caches the URL of the infected file, so that if a "SECOND ATTEMPT" to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again.
upvoted 5 times
Cunawaro
3 years, 8 months ago
read carefully question final part "when downloading an infected file for the first time?"
upvoted 1 times
...
...
AMK2ENG
Most Recent 1 year, 4 months ago
D. The flow-based inspection is used, which resets the last packet to the user
upvoted 1 times
...
NicolaeEast
2 years, 8 months ago
Selected Answer: D
You get a block replacement after last packet is dropped, connection is reset, and identical request is made. Fortigate security 7.0 pg 485
upvoted 1 times
...
SandroAlex
3 years, 1 month ago
Selected Answer: D
D é a verdadeira
upvoted 1 times
...
jcarlosBO
3 years, 4 months ago
Selected Answer: D
D is the correct
upvoted 3 times
...
mrtim5700
3 years, 4 months ago
Selected Answer: D
D is correct. In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown.
upvoted 2 times
...
Rman0059
3 years, 5 months ago
Selected Answer: D
D is correct
upvoted 2 times
...
yadavarya97
3 years, 8 months ago
D is correct
upvoted 2 times
...
jmt97
4 years ago
D is correct.
upvoted 2 times
...
davidone
4 years ago
D is correct. Otherwise it should be in"proxy based" to display an instant message of blocking.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago