Exam NSE4_FGT-6.4 topic 1 question 35 discussion

Answer is 100% C. Tested on my Fortigate by setting Social Networking web filter category to Authenticate and applying that to a high priority policy with full SSL inspection enabled. First action listed in raw log for that IP was blocked, then authentication page popped up, entered credentials for user and then a log with action passthrough was generated.

a. if it were blocked it would not be allowed the second time. b. this is not a policy. c. CORRECT first time was incorrect password second time was correct password. d. that is the name of the filter not the policy Fortigate Security 7.0 PG 381

C é a verdadeira

B is correct

The answer to this one is C. A is incorrect. The web filter category is not explicitly blocked since it is allowed the second time around. B is incorrect. The policy is not what is interacting, the web filter profile is. The question even refers to the "web filter logs." D is incorrect. The name of the web filter profile is "all_users_web" not the firewall policy.

C is correct

The correct answer is A. traffic to the site in the social networking catagory is blocked for all_users_web.

B is correct: When you set the Warning action, you will see firstly the blocked and if you click on the web page to continue to the site you will see another passthrough.

There is no challenge log that shows the user was prompted for authentication. D is incorrect as it is name of the security profile. B is the most appropriate answer. Action-set warning is set for web category not for the firewall policy.

correct C

Also action in the firewall policy is either deny or accept. no warning action

B is correct as the action is set to warning.

Here in the logs we have 2 different sessions, one was blocked by the firewall and the other was passed. Both hitting the same policy id. I think D is the most realistic answer