In FortiGate Firewall IPS, the "monitor" action is used to allow the traffic to pass through the firewall but still monitor it for potential threats or policy violations. When an IPS sensor detects an intrusion attempt or violation of a security policy, it can trigger an alert or log the event, providing information for further analysis or action. By using the monitor action instead of the block action, you can allow traffic to continue flowing while still gaining visibility into potential security risks. This can be useful in situations where blocking the traffic might cause operational disruptions or false positives. However, it's important to note that the monitor action does not actively block traffic, so it's recommended to use it in conjunction with other security measures, such as firewalls, antivirus software, and intrusion prevention systems, to ensure comprehensive protection against cyber threats.

I believe the answer should be CD.

Correct Answer is CD

Correct Answer is CD When the IPS engine compares traffic with the signatures in each filter, order matters. The Rules are similar to firewall policy matching; the engine evaluates the filters and signatures at the top of the list first, and applies the first match. The engine skips the subsequent filters. FortiGate Security 7.2 StudyGuide p.392

The Right answer is actually A and D, cause there is a catch - the Fortigate is not blocking ALL attacks to windows server cause it is allowing that iSCSI signature to pass through and the matching traffic is indeed set to log

I too believe the answer is CD

I don't see how C and D can be true simultaneously. The answer is AD.

A can not be the correct answer because Packet Logging is disabled for the second signature. So, the answers are C and D.

I rathe say it is A&B. because of detail Microsift.windows.iSCSI.target .Dos and Exempt IP's =0

I believe the answer should be CD