Exam NSE4_FGT-7.2 topic 1 question 85 discussion

B. Configure a web override rating for download.com and select Malicious... D. Configure a static URL filter entry for download.com with Type and Action... FortiGate Security 7.2 Study Guide (p.268-269): "If you want to make an exception, for example, rather than unblock access to a potentially unwanted category, change the website to an allowed category. You can also do the reverse. You can block a website that belongs to an allowed category." "Static URL filtering is another web filter feature. Configured URLs in the URL filter are checked against the visited websites. If a match is found, the configured action is taken. URL filtering has the same patterns as static domain filtering: simple, regular expressions, and wildcard." A. Configure a separate firewall policy with action Deny and an FQDN address object for *.download.com... (incorrect because you still allow root domain) Download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html

Tested on 7.0.14 : B : OK D: OK A : NO, fortigate can't resolve *.download.com, but with download.com it's works

Options B and C do not meet the requirement because they do not provide fine control over specific websites. Option B involves overriding the rating by classifying the website as Malicious, which might not be the correct classification and would not block the site. Option C sets the entire category to Warning, which would only issue a warning to users and would not block access to download.com.

AD is valid

BD is a valid response

B. Configure a web override rating for download.com and select Malicious Websites as the subcategory. D. Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

FortiGate Security 7.2 Study Guide (p.268-269)

I don't think it's A because of "object for *.download.com" you can still reach it with https://download.com. The *. don't exclude apply on https://download.com iirc

Such as Brazillian guys says "Confia no pai!..." Correct answers: BD

Hola creo B y D son correctas: B: If you want to make an exception, for example, rather than unblock access to a potentially unwanted category, change the website to an allowed category. You can also do the reverse. You can block a website that belongs to an allowed category. Remember that changing categories does not automatically result in a different action for the website. This depends on the settings within the web filter profile. en la imagen nos muestra una categoria como denegada dentro del perfil (malicious Websites).

I would go for B & D. C is definitivly wrong, and A is to complicated to achieve this. NSE4-SEC Page 268+269 for reference. Even the "wildcard" statement should not be a problem.

Could anyone tell me why B,D isnt the correct answer? I would never create a new firewall policy to block a single site but i have many times in the past used web override ratings to block or unblock sites while leaving the rest intact.

My vote is AB

I think D is incorrect because the type should be "simple" not "wildcard". My vote is A & B.

FortiGate Security 7.2 study guide A. web filter profiles flow based Page 263 D. URL Filtering Page 269

I think B should work.

Why not B?