Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
A. The IPS engine will continue to run in a normal state.
B. The IPS engine was unable to prevent an intrusion attack.
C. The IPS engine was blocking all traffic.
D. The IPS engine was inspecting high volume of traffic.
FortiGate_Security_7.0_Study_Guide page 567
If there are high-CPU use problems caused by the IPS, you can use the diagnose test application ipsmonitor command with option 5 to isolate where the problem might be.
Option 5 enables IPS bypass mode.
In this mode, the IPS engine is still running, but it is not inspecting traffic.
If the CPU use decreases after that, it usually indicates that the volume of traffic being inspected is too high for that FortiGate model.
If the CPU use remains high after enabling IPS bypass mode, it usually indicates a problem in the IPS engine, which you must report to Fortinet Support.
D. The IPS engine was inspecting high volume of traffic.
FortiGate Security 7.2 Study Guide (p.417):
"If there are high-CPU use problems caused by the IPS, you can use the diagnose test application ipsmonitor command with option 5 to isolate where the problem might be. Option 5 enables IPS bypass mode. In this mode, the IPS engine is still running, but it is not inspecting traffic. If the CPU use decreases after that, it usually indicates that the volume of traffic being inspected is too high for that FortiGate model."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
If there are high-CPU use problems caused by the IPS, you can use the diagnose test application ipsmonitor command with option 5 to isolate where the problem might be. Option 5 enables IPS bypass mode. In this mode, the IPS engine is still running, but it is not inspecting traffic. If the CPU use decreases after that, it usually indicates that the volume of traffic being inspected is too high for that FortiGate model.
From: Page 416
FortiGate Security 7.2 Study Guide
I guess the answer here is D.
It mentioned "was", which means before, so it's pertaining that the volume of traffic is high before they disabled the IPS, causing the CPU usage to decrease.
B, on the other hand, is not true. It is able to prevent an intrusion attack and will always be.