Correct:
B. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
D. Optimized performance compared to proxy-based inspection.
E. FortiGate buffers the whole file but transmits to the client simultaneously.
Incorrect:
A. IPS engine handles the process as a standalone
C. If the virus is detected, the last packet is delivered to the client.
FortiGate Security 7.2 Study Guide (p.350):
"Flow-based inspection mode uses a hybrid of the scanning modes available in proxy-based inspection"
"If performance is your top priority, then flow inspection mode is more appropriate"
"As you can see on this slide, the client sends a request and starts receiving packets immediately, but FortiGate also caches those packets at the same time."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
Nope, C is not correct. "When a virus is detected on a TCP session where some packets have been already forwarded to the receiver, FortiGate resets the connection and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can’t be opened."
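A toy model of the flow-mode behaviour quoted in the comments above, added here as an illustration; it is not FortiGate code and does not come from the study guide. The signature string, the 8-byte chunk size and the function names are constructed for the example.

```python
# Toy model of the flow-based behaviour quoted above; not FortiGate code.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, not a real AV signature


def flow_inspect(chunks, signature=SIGNATURE):
    """Forward chunks on arrival while caching a copy; hold only the last one.

    Returns (bytes_delivered_to_client, verdict); verdict is "clean" or "reset".
    """
    chunks = list(chunks)
    if not chunks:
        return b"", "clean"
    cache = bytearray()      # the gateway's copy of the file
    delivered = bytearray()  # what the client has actually received
    for chunk in chunks[:-1]:
        cache += chunk
        delivered += chunk   # forwarded immediately, before any verdict
    cache += chunks[-1]      # last piece is cached but not yet forwarded
    if signature in cache:   # scan the reassembled file, not single packets
        return bytes(delivered), "reset"  # connection reset, last piece withheld
    delivered += chunks[-1]
    return bytes(delivered), "clean"


def split(data, size):
    """Cut data into fixed-size chunks, standing in for TCP segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]


# Constructed sample files.
CLEAN_FILE = b"A" * 40
INFECTED_FILE = b"A" * 10 + SIGNATURE + b"B" * 10

if __name__ == "__main__":
    for name, data in (("clean", CLEAN_FILE), ("infected", INFECTED_FILE)):
        got, verdict = flow_inspect(split(data, 8))
        print(name, verdict, f"{len(got)}/{len(data)} bytes delivered")
```

In the infected case the client ends up with 40 of 46 bytes: most of the content has already been forwarded, but the file is truncated because the final piece is never sent.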
raydel92 (4 months, 1 week ago)
darkspawn117 (1 year, 2 months ago)
JT20 (1 year, 2 months ago)
iseeusee (1 year, 2 months ago)
johnpersil (1 year, 2 months ago)
Subash_2022 (1 year, 3 months ago)
Ernestokoro (1 year, 4 months ago)