Correct:
A. The sensor will block all attacks aimed at Windows servers.
C. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.
Incorrect:
B. The sensor will gather a packet log for all matched traffic.
D. The sensor will reset all connections that match these signatures.
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
Check on FortiGate Security Study Guide Page 532 ==> In the event of a false-positive outbreak, you can add the triggered signature as an individual signature and set the action to monitor. This allows you to monitor the signature events using IPS log, while investigating the false-positive issue.
You have to read the field like a firewall policy: first match, first action. Here NTP.Spoofed.KoD.DoS is read before Windows IPS protection and will be monitored, then Windows server is protected for the rest.