Explanation/Reference:
Explanation
Indicates TCP (proto=6) session in SYN_SENT state (proto=state=2) https://kb.fortinet.com/kb/
viewContent.do?externalId=FD30042
QUESTION 3
21 - (Exam Topic 1)
Which two statements about antivirus scanning mode are true? (Choose two.)
A. In proxy-based inspection mode, files bigger than the buffer size are scanned.
B. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the
client.
C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it
to the client.
D. In flow-based inspection mode, files bigger than the buffer size are scanned.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation
An antivirus profile in full scan mode buffers up to your specified file size limit. The default is 10 MB. That
is large enough for most files, except video files. If your FortiGate model has more RAM, you may be
able to increase this threshold. Without a limit, very large files could exhaust the scan memory. So, this
threshold balances risk and performance. Is this tradeoff unique to FortiGate, or to a specific model? No.
Regardless of vendor or model, you must make a choice. This is because of the difference between
scans in theory, that have no limits, and scans on real-world devices, that have finite RAM. In order to
detect 100% of malware regardless of file size, a firewall would need infinitely large RAM--something
that no device has in the real world. Most viruses are very small. This table shows a typical tradeoff. You
can see that with the default 10 MB threshold, only 0.01% of viruses pass through.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation
An antivirus profile in full scan mode buffers up to your specified file size limit. The default is 10 MB. That is
large enough for most files, except video files. If your FortiGate model has more RAM, you may be able to
increase this threshold. Without a limit, very large files could exhaust the scan memory. So, this threshold
balances risk and performance. Is this tradeoff unique to FortiGate, or to a specific model? No. Regardless
of vendor or model, you must make a choice. This is because of the difference between scans in theory,
that have no limits, and scans on real-world devices, that have finite RAM. In order to detect 100% of
malware regardless of file size, a firewall would need infinitely large RAM--something that no device has in
the real world. Most viruses are very small. This table shows a typical tradeoff. You can see that with the
default 10 MB threshold, only 0.01% of viruses pass through.
QUESTION 4
22 - (Exam Topic 1)
Refer to the web filter raw logs.
Practice Test Fortinet - NSE4_FGT-7.0
VIP享7折,此内容立减5.97元 
