
NSE4_FGT-6.4 Exam - Question 37


Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

Exhibit A -

Exhibit B -

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

Correct Answer: CD

If the user is unable to receive a block replacement message when downloading an infected file for the first time, it is because flow-based inspection is being used. In flow-based inspection mode, the FortiGate resets the last packet to the user, which terminates the connection but does not send a block replacement message. This behavior prevents the infected file from being completely downloaded, ensuring it cannot be opened, but does not display an instant block message on the first attempt.

Discussion

11 comments
Lionardo Option: D
Apr 12, 2021

D is correct. FortiGate_Security_6.4 page 479. Key to the right answer is "unable to receive a block replacement message when downloading an infected file for the first time".

Cunawaro
Aug 30, 2021

Read the final part of the question carefully: "when downloading an infected file for the first time?"

Cunawaro
Aug 30, 2021

Sorry, this reply is not for your comment.

Cunawaro Option: D
Aug 30, 2021

D, it's OK. FG-SG-6.4-P479.

• "ONLY" If the virus is detected at the "START" of the connection, the IPS engine sends the block replacement message immediately.
• When a virus is detected on a TCP session (FIRST TIME), but where "SOME PACKETS" have been already forwarded to the receiver, FortiGate "resets the connection" and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore can’t be opened. The IPS engine also caches the URL of the infected file, so that if a "SECOND ATTEMPT" to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again.

Cunawaro
Aug 30, 2021

Read the final part of the question carefully: "when downloading an infected file for the first time?"

davidone Option: D
Apr 14, 2021

D is correct. Otherwise it should be in "proxy based" to display an instant message of blocking.

jcarlosBO Option: D
Dec 13, 2021

D is correct.

jmt97 Option: D
Apr 24, 2021

D is correct.

yadavarya97 Option: D
Aug 22, 2021

D is correct

Rman0059 Option: D
Dec 8, 2021

D is correct

mrtim5700 Option: D
Dec 10, 2021

D is correct. In flow mode, the FortiGate drops the last packet, killing the file. But because of that, the block replacement message cannot be displayed. If the file is attempted to download again, the block message will be shown.

SandroAlex Option: D
Mar 27, 2022

D is the correct one.

NicolaeEast Option: D
Aug 24, 2022

You get a block replacement after the last packet is dropped, the connection is reset, and an identical request is made. FortiGate Security 7.0 pg 485.

AMK2ENG Option: D
Dec 22, 2023

D. The flow-based inspection is used, which resets the last packet to the user.