Exam NSE4_FGT-7.2 topic 1 question 26 discussion

Actual exam question from Fortinet's NSE4_FGT-7.2
Question #: 26
Topic #: 1

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)

  • A. The website is exempted from SSL inspection.
  • B. The EICAR test file exceeds the protocol options oversize limit.
  • C. The selected SSL inspection profile has certificate inspection enabled.
  • D. The browser does not trust the FortiGate self-signed CA certificate.
Suggested Answer: AC

Comments

moutaz1983
Highly Voted 2 years, 4 months ago
It is AC; deep inspection needs to be enabled.
upvoted 9 times
...
Spyder_Byte
Highly Voted 2 years, 3 months ago
Selected Answer: AC
We're not talking about certificate trust warnings. The file was not decrypted, thus the antivirus engine could not recognize the payload as a virus.
upvoted 5 times
...
SollyMalwane
Most Recent 1 year, 4 months ago
Selected Answer: AD
SSL is exempted
upvoted 1 times
...
Slash_JM
1 year, 7 months ago
Selected Answer: AC
FortiGate Security 7.2 Study Guide p.230
upvoted 1 times
...
Kain1077
1 year, 7 months ago
Selected Answer: AC
Answers are A and C. Can't be B because the file was already downloaded through HTTP without problems and D doesn't apply.
upvoted 2 times
...
Jumpy007
1 year, 7 months ago
AC is correct; see FortiGate_Security_7.2_Study_Guide-Online. p. 230: While offering some level of security, certificate inspection does not permit the inspection of encrypted data. p. 333: Deep-Inspection is required instead of Certificate-based to ensure content inspection.
upvoted 4 times
...
raydel92
1 year, 8 months ago
Correct: A. The website is exempted from SSL inspection. C. The selected SSL inspection profile has certificate inspection enabled. The same file was blocked through HTTP, so "B" is wrong. Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
upvoted 3 times
...
tinugeorge
1 year, 8 months ago
Selected Answer: BC
B - Since files bigger than the oversize limit are bypassed from scanning, although there is an option to enable it. C - Deep inspection is required for scanning files for viruses.
upvoted 1 times
spydog
1 year, 7 months ago
Your answer is correct. But in this question it is mentioned - "same file but over HTTPS". If the file was successfully scanned and blocked when on HTTP, the exact same file over HTTPS will be bigger and therefore option B can be eliminated.
upvoted 2 times
...
...
Variant_
1 year, 8 months ago
Selected Answer: AC
AC is correct because if the file is downloading over HTTPS which means that there must be no SSL inspection (or at least the correct ones) so A is true, and C is true because you would need SSL deep-inspection in order to inspect a file over HTTPS.
upvoted 2 times
...
[Removed]
1 year, 8 months ago
Selected Answer: AC
Correct Answer: AC
upvoted 1 times
...
Emiaj23
1 year, 9 months ago
To my knowledge the answers would be C and D
upvoted 1 times
...
clrf26
1 year, 11 months ago
A and C. SSL Inspection Profile, on the Inspection method there are 2 options to choose from, SSL Certificate Inspection or Full SSL Inspection. FG SEC 7.2 Study Guide: Full SSL Inspection level is the only choice that allows antivirus to be effective.
upvoted 2 times
...
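An added example, not part of the original thread or of Fortinet's material: a small Python audit that reads FortiOS configuration text and reports firewall policies whose antivirus profile cannot see HTTPS payloads, either because the attached SSL inspection profile is not set to deep inspection or because it carries exemptions (the two conditions in answers A and C). The sample configuration, profile names and policy ids are constructed, and the script assumes the HTTPS inspection status is written out explicitly in the text it is given.

```python
import shlex

# Constructed FortiOS-style sample (not from the page); names and ids are made up.
# Assumption: the HTTPS inspection status is written out explicitly in the text.
SAMPLE = '''config firewall ssl-ssh-profile
    edit "cert-only"
        config https
            set status certificate-inspection
        end
    next
    edit "deep-exempt"
        config https
            set status deep-inspection
        end
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
        end
    next
end
config firewall policy
    edit 1
        set ssl-ssh-profile "cert-only"
        set av-profile "default"
    next
    edit 2
        set ssl-ssh-profile "deep-exempt"
        set av-profile "default"
    next
end'''

def audit(text):
    """Map policy id -> reasons its antivirus profile may never see HTTPS payloads."""
    path, blind, policies = [], {}, {}
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):              # descend one nesting level
            path.append(" ".join(tok[1:]))
        elif tok[0] in ("next", "end") and path:      # leave the current level
            path.pop()
        elif tok[0] == "set" and path[:1] == ["firewall ssl-ssh-profile"]:
            if path[2:] == ["https"] and tok[1] == "status" and tok[2] != "deep-inspection":
                blind.setdefault(path[1], set()).add("HTTPS status is " + tok[2])
            elif path[2:3] == ["ssl-exempt"]:         # any exemption entry counts
                blind.setdefault(path[1], set()).add("profile has SSL exemptions")
        elif tok[0] == "set" and path[:1] == ["firewall policy"] and len(path) == 2:
            policies.setdefault(path[1], {})[tok[1]] = " ".join(tok[2:])
    return {pid: sorted(blind[cfg["ssl-ssh-profile"]]) for pid, cfg in policies.items()
            if "av-profile" in cfg and cfg.get("ssl-ssh-profile") in blind}
```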
HernandoZ
1 year, 11 months ago
Selected Answer: AC
Since the file downloaded using HTTP, it's not the size.
upvoted 3 times
...
sb_alves
1 year, 12 months ago
B and C. Files larger than 10Mb AV does not analyze
upvoted 1 times
D1360_1304
1 year, 9 months ago
yes, but "when downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file".
upvoted 1 times
...
...
redSTORM
2 years ago
Selected Answer: AC
Correct Answer: AC
upvoted 2 times
...
JonyBGP
2 years ago
Selected Answer: BC
A is opposite of C, so BC is the answer - look up oversize limit on anti-virus
upvoted 2 times
Jeageristt
1 year, 11 months ago
The same file (same size) was downloaded using HTTP, so it's not B.
upvoted 9 times
...
...
marli
2 years ago
AC is the correct ans
upvoted 1 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other