Pregunta 1
Pregunta
Flow-Based Inspection Mode—Full Scan Mode
Respuesta
-
Uses the full antivirus database :
Normal, extended, or extreme—depending on what is configured in the CLI
-
Uses the normal antivirus database :
Normal, extended, or extreme—depending on what is configured in the CLI
Pregunta 2
Pregunta
Flow-Based Inspection Mode—Full Scan Mode (Select 2)
Respuesta
-
Optimized performance compare to proxy-based scan
-
Optimized performance compare to flow-based scan
-
FortiGate buffers the whole file, but transmits to the client simultaneously.
-
FortiGate buffers only a part of the file, and not transmits to the client simultaneously.
Pregunta 3
Pregunta
Flow-Based Inspection Mode—Full Scan Mode
Respuesta
-
When the last packet arrives, the AV engine starts the scan.
Files bigger than buffer size are not scanned—can enable logging of these files.
Packets are not delayed by scan—exceptlastpacket.
Lower perceived latency-data loads faster
-
When the first packet arrives, the AV engine starts the scan.
Files bigger than buffer size are scanned— can´t enable logging of these files.
Packets are not delayed by scan—except first packet.
Faster perceived latency-data loads lower
Pregunta 4
Pregunta
Flow-Based Inspection Mode—Full Scan Mode
Respuesta
-
If a virus is detected, the last packet is dropped and the connection is reset. If an identical request is made, the block replacement page is inserted immediately.
-
If a virus is detected, the first packet is dropped and the connection is reset. If an identical request is made, the block replacement page is inserted again.
Pregunta 5
Pregunta
When the antivirus profile is operating in proxy inspection mode, two scanning mode options are available
Pregunta 6
Pregunta
When the antivirus profile is operating in flow-based inspection mode, two scanning mode options are available:
Pregunta 7
Pregunta
Because the file is transmitted simultaneously, flow inspection mode scanning consumes more CPU cycles.
Pregunta 8
Pregunta 9
Pregunta
Regardless of which mode you use, the scan techniques give similar detection rates. How can you choose between the scan engines? If performance is your top priority:
Respuesta
-
then flow inspection mode is more appropriate. If security is your priority, proxy inspection mode—with client comforting disabled—is more appropriate.
-
then proxy inspection mode is more appropriate. If security is your priority, flow inspection mode—with client comforting disabled—is more appropriate.
Pregunta 10
Pregunta
Uses the IPS engine and embedded compact antivirus database
Faster, less memory usage because the file is not cached, but lower catching rate
Cannot send files to FortiSandbox for inspection
Cannot use advanced heuristics and mobile malware package
Pregunta 11
Pregunta
The quick scan mode option is only available in proxy inspection mode.
Pregunta 12
Pregunta
Some entry-level FortiGate models don’t support quick scan flow-based inspection method.
Pregunta 13
Pregunta 14
Pregunta 15
Pregunta 16
Respuesta
-
Full flow-based
Quick flow-based
Proxy-based
-
Proxy-based
Full flow-based
Quick flow-based
-
Quick flow-based
Proxy-based
Full flow-based
Pregunta 17
Pregunta
What two scanning modes are available in flow-based inspection mode? 8.
Respuesta
-
A. Proxy and NGFW
-
B. Full and quick
Pregunta 18
Pregunta
What antivirus database does quick scan mode use?