Which two statements are correct on a FortiGate using the FortiGuard Outbreak Protection Service (VOS)? (Choose two.)
The antivirus database queries FortiGuard with the hash of a scanned file, and the hash signatures are obtained from the FortiGuard Global Threat Intelligence database.
CD The hashes are obtained from a third-party database.
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/889364/fortiguard-outbreak-prevention First paragraph
Quoting from docs.Fortinet: "The hash signatures are obtained from external sources such as VirusTotal, Symantec, Kaspersky, and other third-party websites and services." So E is incorrect. C 100% correct. E is correct because you enable VoS under the antivirus profile, so AV engine must be enabled.
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/889364/fortiguard-outbreak-prevention
- Enabling the AV engine scan is not required to use this feature.
- The hash signatures are obtained from FortiGuard's Global Threat Intelligence database.
A wrong: FortiGuard VOS can be used in both proxy-based and flow-based policy inspections across all supported protocols.
B is suspicious and tricky: as, if FortiGuard returns a match, the scanned file is deemed to be malicious, not if the "third-party AV database" returns a match, while on the other hand, the third-party malware hash signatures are curated by FortiGuard.
C 100% correct: The antivirus database queries FortiGuard with the hash of a scanned file.
D wrong: Enabling the AV engine scan is not required to use this feature.
E 100% correct: The hash signatures are obtained from FortiGuard's Global Threat Intelligence database.
And all according to this: https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/889364/fortiguard-outbreak-prevention