nse4_fgt-72 Exam QuestionsBrowse all questions from this exam
Go to Exam

nse4_fgt-72 Exam - Question 49

Refer to the exhibit.

Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.

What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

Show Answer
Correct Answer: AC

Referencing the provided exhibit, traffic matching the FTP.Login.Failed signature will be allowed and logged. While the IPS profile setting indicates an overall 'Block' action for the profile, the specific action assigned to the FTP.Login.Failed signature is 'Pass', which means this particular signature's related traffic will not be blocked but rather allowed and logged as per the settings shown in the exhibit.

Discussion

9 comments
Sign in to comment
rgenesonOption: C
May 14, 2023

The correct answer is C, take a look at the 7.2 Security study guide page 394: Select Block to silently drop traffic matching any of the signatures included in the entry. So, while the default action would be 'Pass' for this signature the administrator is specifically overriding that to set the Block action. To use the default action the setting would have to be 'Default'.

erawemkOption: C
Jul 3, 2023

Correct answer is C beacause IPS action is set to block, if action is set to default it will allow the traffic.

alex4988Option: A
May 7, 2023

Answer A reference http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control

sb_alves
May 14, 2023

I didn't understand this application Control link if the theme is IPS... The right answer is C

sb_alvesOption: C
May 14, 2023

I didn't understand this application Control link if the theme is IPS... The right answer is C

BundOption: C
Jun 18, 2023

allow but final is block by IPS

raydel92Option: C
Sep 12, 2023

C. Traffic matching the signature will be silently dropped and logged. Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html

GeniusAOption: C
Dec 22, 2023

C is the correct answer

MengtingLiangOption: C
Apr 29, 2024

C Select Block to silently drop traffic matching any of the signatures included in the entry.

Redrum702Option: C
May 2, 2024

Answer is C: A bit misleading with the IPS signature set to PASS but the following explanation helps: When blocking the signature as an 'IPS Signature and Filter' with the action set to 'block', the default IPS signature action is set to 'pass'. In this case, it will give precedence to the block action of the 'IPS Signature and Filter' and traffic will be blocked, even though the actual IPS signature action is set to 'pass'. https://www.examtopics.com/exams/fortinet/nse4-fgt-7-2/view/13/