Refer to the exhibit. The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
A.
The sensor will gather a packet log for all matched traffic.
B.
The sensor will reset all connections that match these signatures.
C.
The sensor will block all attacks aimed at Windows servers.
D.
The sensor will allow attackers matching the Microsoft Windows.iSCSI.Target.DoS signature.
In FortiGate Firewall IPS, the "monitor" action is used to allow the traffic to pass through the firewall but still monitor it for potential threats or policy violations.
When an IPS sensor detects an intrusion attempt or violation of a security policy, it can trigger an alert or log the event, providing information for further analysis or action.
By using the monitor action instead of the block action, you can allow traffic to continue flowing while still gaining visibility into potential security risks. This can be useful in situations where blocking the traffic might cause operational disruptions or false positives.
However, it's important to note that the monitor action does not actively block traffic, so it's recommended to use it in conjunction with other security measures, such as firewalls, antivirus software, and intrusion prevention systems, to ensure comprehensive protection against cyber threats.
A is correct:
Monitor-> allow & log
block -> block & log
C correct
D no. order matters. A Microsoft Windows iSCSi matches first, so not all atacks to windows servers are blocked
Correct Answer is CD
When the IPS engine compares traffic with the signatures in each filter, order matters. The Rules are similar to firewall policy matching; the engine evaluates the filters and signatures at the top of the list first, and applies the first match. The engine skips the subsequent filters.
FortiGate Security 7.2 StudyGuide p.392
The Right answer is actually A and D, cause there is a catch - the Fortigate is not blocking ALL attacks to windows server cause it is allowing that iSCSI signature to pass through and the matching traffic is indeed set to log
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
itashraf
Highly Voted 1 year, 8 months agochromevandium11
Highly Voted 2 years agoDavidCA2024
Most Recent 3 months, 1 week agoMalgaw
7 months agoMocix
10 months, 1 week agoChiaPet75
1 year, 1 month agoIgor_Mioralli
1 year, 1 month agoRian
1 year, 3 months agoRewrock
1 year, 9 months agoefot
1 year, 11 months agoNey_mediana
2 years ago