Correct:
A. A session for denied traffic is created.
C. The number of logs generated by denied traffic is reduced.
Incorrect:
B. Denied users are blocked for 30 minutes.
D. Device detection on all interfaces is enforced for 30 minutes.
FortiGate Security 7.2 Study Guide (p.69):
"During the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can enable a session table entry of dropped traffic. This creates the denied session in the session table and, if the session is denied, all packets of that session are also denied."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
FortiGate_Security_7.0_Study_Guide page 127:
If you have enabled logging in the policy, FortiGate generates traffic logs after a firewall policy closes an IP session.
By default, Log Allowed Traffic is enabled and set to Security Events and generates logs for only the applied security profiles in the firewall policy.
However, you can change the setting to All Sessions, which generates logs for all sessions.
If you enable Generate Logs when Session Starts, FortiGate creates a traffic log when the session begins.
FortiGate also generates a second log for the same session when it is closed. But remember that increasing logging decreases performance, so use it only when necessary.
During the session, if a security profile detects a violation, FortiGate records the attack log immediately.
To reduce the number of log messages generated and improve performance, you can enable a session table entry of dropped traffic. This creates the denied session in the session table and, if the session is denied, all packets of that session are also denied. This ensures that FortiGate does not have to do a policy lookup for each new packet matching the denied session, which reduces CPU usage and log generation.
This option is in the CLI, and is called ses-denied-traffic. You can also set the duration for block sessions. This determines how long a session will be kept in the session table by setting blocksession-timer in the CLI. By default, it is set to 30 seconds.
If the GUI option Generate Logs when Session Starts is not displayed, this means that your FortiGate device does not have internal storage. This option is on the CLI, regardless of internal storage, and is called set logtraffic-start enable.
Answer is A&C
block-session-timer Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30). integer Minimum value: 1 Maximum value: 300
Since the timer is measured in seconds and not minutes, B would not be correct, nor would D, since the max timer is 5 minutes or 300 seconds.
Think A & C.
"This option is in the CLI, and is called ses-denied-traffic. You can also set the duration for block sessions. This determines how long a session will be kept in the session table by setting blocksession-timer in the CLI. By default, it is set to 30 seconds."
FortiGate Security Study Guide v7.0, Page 123
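A simplified model of the mechanism the study-guide excerpts in this thread describe, as an added example that is not part of the thread and is not FortiOS code. The `Firewall` class, its fields and the sample flows are constructed for illustration, and the model assumes one policy lookup and one deny log for every packet that finds no denied-session entry.

```python
# Simplified model, not FortiOS code: a firewall that can keep denied flows
# in its session table for block_timer seconds.
from dataclasses import dataclass, field


@dataclass
class Firewall:
    ses_denied_traffic: bool      # models the ses-denied-traffic setting
    block_timer: int = 30         # models block-session-timer (seconds)
    denied: dict = field(default_factory=dict)   # flow -> expiry time
    policy_lookups: int = 0
    deny_logs: int = 0

    def __post_init__(self):
        # Range quoted in the thread: 1 - 300 seconds.
        if not 1 <= self.block_timer <= 300:
            raise ValueError("block timer must be 1-300 seconds")

    def packet(self, flow, now):
        """Handle one packet of a flow that policy denies."""
        if self.denied.get(flow, 0) > now:
            return "dropped-by-session"     # no policy lookup, no new log
        self.denied.pop(flow, None)         # entry missing or expired
        self.policy_lookups += 1            # assumption: one lookup and
        self.deny_logs += 1                 # one deny log per such packet
        if self.ses_denied_traffic:
            self.denied[flow] = now + self.block_timer
        return "dropped-by-policy"


def replay(fw, packets):
    """Feed (time, flow) pairs to fw; return (policy lookups, deny logs)."""
    for now, flow in sorted(packets):
        fw.packet(flow, now)
    return fw.policy_lookups, fw.deny_logs


# Constructed sample: flow A retries every second, flow B every 10 seconds,
# both for 90 seconds, and both are denied by policy.
FLOW_A = ("10.0.0.5", 51000, "203.0.113.10", 23, "tcp")
FLOW_B = ("10.0.0.9", 40022, "203.0.113.10", 445, "tcp")
PACKETS = [(t, FLOW_A) for t in range(90)] + [(t, FLOW_B) for t in range(0, 90, 10)]

if __name__ == "__main__":
    print("disabled:     ", replay(Firewall(False), PACKETS))
    print("enabled, 30s: ", replay(Firewall(True), PACKETS))
    print("enabled, 300s:", replay(Firewall(True, 300), PACKETS))
```

In this model the denied-session entry expires after the timer, so a persistent source is looked up and logged again once per timer interval rather than once per packet.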