Exam nse7_efw-70 All QuestionsBrowse all questions from this exam
Go to Exam
Question 7

Refer to the exhibit, which shows a partial web filter profile configuration.

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

    Correct Answer: A

    The FortiGate web filter processes the URL filter first, followed by the FortiGuard category-based filter. In this scenario, the URL filter allows access to *.dropbox.com, which means the connection is passed to the next filtering step. The FortiGuard category-based filter then checks the URL and finds that it falls under the File Sharing and Storage category, which is set to block. Consequently, FortiGate will block the connection based on the FortiGuard category-based filter configuration.

Discussion
tururu1496Option: D

Order of operation is: 1. URL filter 2. FortiGuard Web Filtering 3. Web content filter 4. Web script filter 5. Antivirus scanning

klapek

URL filter is 'allow' not 'exempt' so it will be block on step 2: FortiGuard Category. Correct answer is A

javim

Coorect! If with "allow" action the next step is to check FortiGuard category. If the category action is "block" the connection is blocked. Correct answer is A

tururu1496

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-Static-URL-filter-actions-explained/ta-p/206632

tururu1496

A is actually correct. My bad

javim

I aqree!!

Rudi36Option: A

So, I didn’t find this is the training material, however it’s specified on Fortinet.com, correct answer is A. When FortiGate performs a web filter check, it will first check the static URL filter list (if applied to the profile) and based on the action, will then perform the FortiGuard category check. 'Action' descriptions in Static URL see bellow: - 'Block' -> destination is blocked and session dropped, no further category check is needed. - 'Allow' -> destination is allowed from the static URL list, FortiGate proceeds with checking the category to decide further action. - 'Exempt' -> destination is exempted from further inspection and traffic is allowed. - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-action-Allow-and-Exempt-in/ta-p/231334

fy64Option: A

I've simulated configuration. It is being blocked because of category block. The answer is 100% A.

mikerssOption: A

The correct answer is A. Explanation: https://community.fortinet.com/t5/FortiGate/Technical-Note-List-of-web-filtering-steps-and-their-order-of/ta-p/197439?cmd=displayKC&docType=kc&externalId=11158 Web filters are applied in this specific order: 1 URL Filter 2 FortiGuard Web Filter (also called Category Block) 3 Content Filter (Web Content Filter) 4 Script Filter (filters for Java applets, ActiveX controls and cookies, CLI config only) 5 Antivirus scanning The URL filter list is processed in order from top to bottom. An exempt match stops all further checking including AV scanning. An allow match exits the URL filter list and checks the other web filters. In this case, the action in the URL Filter is "allow" therefore the FortiGate checks the other web filters. In this case, the next web filter is the FortiGuard Category Based Filter, which in this case is set to block. Therefore traffic is blocked based on the FortiGuard Category Based Filter.

FortiNoobOption: A

A is indeed correct

LAFNELLOption: A

Correct answer is 100% A. Check Study Guide p350 During web Filtering Inspection, Fortigates first check the Static Url Filter list, then the fortiguard categories, and then the content filter list. So even if the static url is allowing the site, it will be blocked and dropped by the fortiguard categories action.

mordechaydOption: A

A - action allow on local wf do not bypass fortiguard wF

ricjscarvalhoOption: C

A the order is URL filter 2. FortiGuard Web Filtering 3. Web content filter 4. Web script filter 5. Antivirus scanning But to be allowed without matching any other critiria it should be exempt and not allowed

red74Option: A

A: Allow The traffic is passed to the remaining FortiGuard web filters, web content filters, web script filters, antivirus proxy operations, and DLP proxy operations. If the URL does not appear in the URL list, the traffic is permitted.

PoBratskyOption: A

Web Filtering inspection is performed in the following order: 1 - URL filter 2 - FortiGuard Web Filter (FortiGuard Category Based Filter) 3 - Web Content Filter 4 - Advanced Filter Options In this case: URL Filter - allow. But in the second step, the blocks by the Category Based Filter.

KocXOption: A

if it was exempt instead of allow on URL filter, it would not be blocked.

jdubyah_Option: D

I agree with tururu1496.

Rottcrown95Option: D

URL filter goes First

scheuriOption: A

Answer A is correct. Reason: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-action-Allow-and-Exempt-in/ta-p/231334 In the URL Filter (which is checked FIRST) dropbox.com is ONLY allowed which prompts Fortigate to check fruther in the UTM (next ist FortiGuard Web Filtering which BLOCKS file sharing). In Order for D to be correct, the URL Filter would need to set dropbox.com on "exempt" (which leads the fortigate to stop checking and allow the traffic at once).

GCISystemIntegratorOption: A

Answer - A - - 'Allow' -> destination is allowed from the static URL list, FortiGate proceeds with checking the category to decide further action. - 'Exempt' -> destination is exempted from further inspection and traffic is allowed.

cbu_chOption: A

Order of operation is: 1. URL filter 2. FortiGuard Web Filtering 3. Web content filter 4. Web script filter 5. Antivirus scanning URL filter = ALLOW continues to evaluate the next steps, incl. Web Filtering. If it is required to Allow access to a site regardless of the category, then use "Exempt". https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-Static-URL-filter-actions-explained/ta-p/206632

olimmuOption: A

action allow, not exempt in URL list