Which three statements explain a flow-based antivirus profile? (Choose three.)
Flow-based inspection utilizes a hybrid of the scanning modes available in proxy-based inspection, which allows for flexible and efficient detection of threats. The IPS engine handles the process independently from the main system, ensuring a streamlined and effective operation. Additionally, flow-based inspection is designed to optimize performance compared to traditional proxy-based inspection, offering enhanced speed and efficiency in processing traffic.
ADE. Flow-based inspection mode uses a hybrid of the scanning modes available in proxy-based inspection: the default scanning mode and the legacy scanning mode. Optimized performance compared to proxy-based scan. Proxy-based. FortiGate buffers the whole file but transmits it to the client simultaneously. If a virus is detected, the last packet is dropped and the connection is reset.
FortiGate Security 7.2 Study Guide p.350
A, D and E, FortiGate Security 7.2 Study Guide Page 350
7.2 SEC 350
A: Flow-based inspection mode uses a hybrid of the scanning modes available in proxy-based inspection. D: The IPS engine reads the payload of each packet, caches a local copy, and forwards the packet to the receiver at the same time. Some operations can be offloaded to SPUs to improve performance (not C). E: If performance is your top priority, then flow inspection mode is more appropriate.
ADE is correct.
A, D, E are the correct ones.
Correct, page 350.
D as formulated is definitely not a correct answer. FortiOS 7.2 Admin Guide, page 1086. You can read: "When a firewall policy's inspection mode is set to flow, traffic flowing through the policy will not be buffered by the FortiGate". Link below: https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/659145 So, as C is not correct either, I think there is a mistake in the formulation of answer D, which should be the correct answer.
A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection. D. FortiGate buffers the whole file but transmits to the client at the same time. E. Flow-based inspection optimizes performance compared to proxy-based inspection. Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection. (correct) B. If a virus is detected, the last packet is delivered to the client. (Wrong, if a virus is detected the packet is dropped and a RST packet is sent to the client) C. The IPS engine handles the process as a standalone. (since B and D are wrong, C must be correct) D. FortiGate buffers the whole file but transmits to the client at the same time. (wrong, in flow-based inspection mode the FortiGate does not buffer the packets, it delivers them to the client immediately. When the last packet arrives, FortiGate caches it and puts it on hold while performing AV scanning by the AV engine) E. Flow-based inspection optimizes performance compared to proxy-based inspection. (correct)
I misread the D sentence. D answer is correct.
Correct answer is A, D, E