App Control

1

Which statement about the application control database is true?

1

The application control proﬁle consists of three different types of ﬁlters: (Select 3)

1

QUIC is a protocol from Google. Instead of using the standard TCP connections for web access it uses UDP which is not scanned by the web ﬁltering. Allowing QUIC instructs FortiGate to inspect Google Chrome packets for a QUIC header and generate logs as a QUIC message. Blocking QUIC forces Google Chrome to use HTTP2/TLS1.2 and FortiGate to log the QUIC as blocked. The default action for QUIC is

1

Then, FortiGate scans packets for matches, in this order, for the application control proﬁle:

❌ Finally, the application control proﬁle applies the action that you've conﬁgured for applications in your selected Categories.

❌ If you have conﬁgured any Application Overrides, the application control proﬁle considers those ﬁrst. it looks for a matching override starting at the top of the list, like ﬁrewall policies.

❌ If no matching application override exists, then the application control proﬁle applies the action based on conﬁgured Filter Overrides.

3. Categories:

1. Application Overrides:

2. Filter Overrides:

1

Application control profile actions: (Choose 4)

1

Which statement about application control is true?

1

App control three different types of filters

1

Allowing QUIC instructs FortiGate to inspect Google Chrome packets for a QUIC header and generate logs as a QUIC message. Allow QUIC forces Google Chrome to use HTTP2/TLS1.2 and FortiGate to log the QUIC as blocked. The default action for QUIC is Allow.

1

Scanning order

1

Which statement about application control in NGFW policy-based configuration is true?

1

What statement about the HTTP block page for application control is true?

1

Where do you enable logging of application control events?

1

Which of the following information will not be included in the application event log when using NGFW policy-based mode?

1

Force FortiGate to check for new application control updates.

1

Which TCP port does FortiGuard use for application control?

1

Which SSL/SSH inspection method is recommended for use with application control scanning to improve application detection?

NSE4 6.0 NSE4 6.0 Quiz on App Control, created by Marcos Avila on 17/08/2018.

App Control

Which statement about the application control database is true?

The application control proﬁle consists of three different types of ﬁlters: (Select 3)

Application control profile actions: (Choose 4)

Which statement about application control is true?

App control three different types of filters

Allowing QUIC instructs FortiGate to inspect Google Chrome packets for a QUIC header and generate logs as a QUIC message. *Allow QUIC forces Google Chrome to use HTTP2/TLS1.2 and FortiGate to log the QUIC as blocked. The default action for QUIC is *Allow.

Scanning order

Which statement about application control in NGFW policy-based configuration is true?

What statement about the HTTP block page for application control is true?

Where do you enable logging of application control events?

Which of the following information will not be included in the application event log when using NGFW policy-based mode?

Force FortiGate to check for new application control updates.

Which TCP port does FortiGuard use for application control?

Which SSL/SSH inspection method is recommended for use with application control scanning to improve application detection?

Allowing QUIC instructs FortiGate to inspect Google Chrome packets for a QUIC header and generate logs as a QUIC message. Allow QUIC forces Google Chrome to use HTTP2/TLS1.2 and FortiGate to log the QUIC as blocked. The default action for QUIC is Allow.