ADE
Flow-based inspection mode uses a hybrid of the scanning modes available in proxy-based inspection: the default scanning mode and the legacy scanning mode. Optimized performance compared to proxy-basedscanProxy-based. FortiGate buffers the whole file but transmits it to the client simultaneously. If a virus is detected, the last packet is dropped and the connection is reset.
D as formulate is definitely not a correct answer. FortiOS 7.2 Admin Guide Page 1086. You can read "When a firewall policy's inspection mode is set to flow, traffic flowing through the policy will not be buffered by the FortiGate". Below the link https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/659145
So, as C is not correct too, i think there is a mistake on the formulation of answer D which should be the correct answer.
A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.
D. FortiGate buffers the whole file but transmits to the client at the same time.
E. Flow-based inspection optimizes performance compared to proxy-based inspection.
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection. (correct)
B. If a virus is detected, the last packet is delivered to the client. (Wrong, if a virus is detected the packet is dropped and a RST packet is sent to client)
C. The IPS engine handles the process as a standalone.(since B and D are wrong, C must be correct)
D. FortiGate buffers the whole file but transmits to the client at the same time. (wrong, is flow-based inspection mode the fortigate does not buffer the packets, it delivers them to the client immediately. When the last packet arrives, FortiGate caches it and puts it on hold while performing AV scanning by the AV engine)
E. Flow-based inspection optimizes performance compared to proxy-based inspection. (correct)
A: Flow-based inspection mode uses a hybrid of the scanning modes available in proxy-based inspection
D: the IPS engine reads the payload of each packet, caches a local copy, and forwards the packet to the receiver at the same time. some operations can be offloaded to SPUs to improve performance (not C)
E: If performance is your top priority, then flow inspection mode is more appropriate.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Cisco_SE_765
1 year, 1 month agoAJMD
1 year, 1 month agoMengtingLiang
1 year, 2 months agoLAFNELL
1 year, 9 months agoraydel92
1 year, 10 months agoVic2911
1 year, 10 months agoVic2911
1 year, 10 months agoSlash_JM
1 year, 10 months agoD1360_1304
1 year, 11 months agoDanny_B
2 years, 1 month agoPaulGo
2 years, 3 months agoBoostBoris
2 years, 5 months agochromevandium11
2 years, 6 months ago