Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?
A. Traffic matching the signature will be silently dropped and logged.
B. The signature setting uses a custom rating threshold.
C. The signature setting includes a group of other signatures.
D. Traffic matching the signature will be allowed and logged.
"Pass" is only the default action.
To explain this: the Pass action on the specific signature would only be chosen if the Action (on the top) was set to Default. But instead it's set to Block, so the action will be to block and drop.
A. Traffic matching the signature will be silently dropped and logged.
FortiGate Security 7.2 Study Guide (p.394):
"Select Allow to allow traffic to continue to its destination. Select Monitor to allow traffic to continue to its destination and log the activity. Select Block to silently drop traffic matching any of the signatures included in the entry. Select Reset to generate a TCP RST packet whenever the signature is triggered. Select Default to use the default action of the signatures."
"If you enable Packet logging, FortiGate saves a copy of the packet that matches the signature."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
When you create a new entry to add signatures or filters, you can select the action by clicking Action.
Select Allow to allow traffic to continue to its destination.
Select Monitor to allow traffic to continue to its destination and log the activity.
Select Block to silently drop traffic matching any of the signatures included in the entry. Select Reset to generate a TCP RST packet whenever the signature is triggered.
Select Default to use the default action of the signatures.
Quarantine allows you to quarantine the attacker’s IP address for a set duration. You can set the quarantine duration to any number of days, hours, or minutes.
If you enable Packet logging, FortiGate saves a copy of the packet that matches the signature.
Hello, I think it's also D. See this article from Fortinet:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Exempting-Allow-one-single-IPS-signature-for-IPS/ta-p/192671
From the Security guide, page 529: "Select Default to use the default action of the signatures." So in this question the action "Block" overrides the action "Pass" of the particular signature.
What Israelq says is correct => "Block to the silently" drop traffic matching any signatures included in the entry. "Packet logging", FortiGate saves a copy of the packet that matches the signature.