Exam NSE4_FGT-7.2 topic 1 question 46 discussion

Actual exam question from Fortinet's NSE4_FGT-7.2
Question #: 46
Topic #: 1

Refer to the exhibits.
The exhibits show a firewall policy (Exhibit A) and an antivirus profile (Exhibit B).


Why is the user unable to receive a block replacement message when downloading an infected file for the first time?

  • A. The firewall policy performs a full content inspection on the file.
  • B. The intrusion prevention security profile must be enabled when using flow-based inspection mode.
  • C. Flow-based inspection is used, which resets the last packet to the user.
  • D. The volume of traffic being inspected is too high for this model of FortiGate.
Suggested Answer: C

Comments

BoostBoris
Highly Voted 2 years, 2 months ago
In flow-based inspection, when a virus is detected on a TCP session where some packets have already been forwarded to the receiver, FortiGate resets the connection and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and, therefore, can’t be opened. The IPS engine also caches the URL of the infected file, so that if a second attempt to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again.
upvoted 18 times
...
erawemk
Highly Voted 1 year, 10 months ago
Selected Answer: C
NSE4_FortiGate_Security_7.2_Study_Guide page 350
upvoted 6 times
...
Cisco_SE_765
Most Recent 11 months, 1 week ago
Selected Answer: C
C is the correct one
upvoted 2 times
...
Slash_JM
1 year, 7 months ago
Selected Answer: C
FortiGate Security 7.2 Study Guide p.350
upvoted 2 times
...
raydel92
1 year, 8 months ago
Selected Answer: C
C. Flow-based inspection is used, which resets the last packet to the user. Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
upvoted 3 times
...
darkstar15
1 year, 9 months ago
Security 7_2 p. 363. For flow-based inspection mode scanning, if a virus is detected at the start of the stream, the block replacement page is displayed at the first attempt. If a virus is detected after a few packets have been transmitted, the block replacement page is not displayed. However, FortiGate caches the URL and can display the replacement page immediately on the second attempt.
upvoted 1 times
...
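The behaviour described in the comments by BoostBoris and darkstar15, as a simplified Python model added here (it is not FortiOS code and not taken from the study guide). The signature string, packet size, URLs and replacement body are constructed for illustration.

```python
# Simplified model of the flow-based AV behaviour described in the comments.
# Not FortiOS code: signature, packet size and replacement body are constructed.
SIGNATURE = b"EICAR-TEST"                   # constructed stand-in for a virus signature
REPLACEMENT = b"<html>File blocked</html>"  # constructed block replacement message


class FlowScanner:
    def __init__(self, packet_size=16):
        self.packet_size = packet_size
        self.infected_urls = set()          # URLs cached after a detection

    def download(self, url, payload):
        """Return (bytes the client ends up with, session outcome)."""
        if url in self.infected_urls:
            # Second attempt: cached URL, answer with the replacement message
            # instead of scanning the file again.
            return REPLACEMENT, "replacement"
        seen = b""        # scanner's copy of the stream so far
        delivered = b""   # what has already been forwarded to the client
        for off in range(0, len(payload), self.packet_size):
            seen += payload[off:off + self.packet_size]
            if SIGNATURE in seen:
                self.infected_urls.add(url)
                if not delivered:
                    # Detected at the start of the stream: nothing forwarded
                    # yet, so the replacement message can still be sent.
                    return REPLACEMENT, "replacement"
                # Detected mid-stream: earlier packets are already with the
                # client, so the session is reset and this packet is dropped.
                return delivered, "reset"
            delivered += payload[off:off + self.packet_size]
        return delivered, "complete"


if __name__ == "__main__":
    fw = FlowScanner()
    late = b"A" * 40 + SIGNATURE + b"B" * 10     # signature after a few packets
    for attempt in (1, 2):
        body, outcome = fw.download("http://files.example/late.bin", late)
        print(attempt, outcome, len(body))
    early = SIGNATURE + b"B" * 50                # signature in the first packet
    print(fw.download("http://files.example/early.bin", early)[1])
```

On the first attempt the client is left with a truncated file and a reset session; only the second request for the same URL returns the replacement message, which is the situation the question asks about.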