Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.
What are the expected actions if traffic matches this IPS sensor? (Choose two.)
A. The sensor will gather a packet log for all matched traffic.
B. The sensor will not block attackers matching the A32S.Botnet signature.
C. The sensor will block all attacks for Windows servers.
D. The sensor will reset all connections that match these signatures.
B and C are correct – the order of the IPS signatures and Filters matters.
For details see FortiGate_Security_6.2_Study_Guide-Online.pdf page 528 (IPS Sensor Inspection Sequence)
The order will be C first then B, right.
A and C correct
Why is B and C?
B cannot be correct. The A32S.Botnet attacker will be blocked if they target Windows OS.
incorrect, action is MONITOR => allow traffic + log
For sure the packet will be blocked “without logging” if it targets Windows. So C is correct and takes out A.
B is right because the rule is more precise for the A32S.Botnet.
expected actions if traffic matches
– monitor and log packet.
– block without logging.
the correct answer is B and C
should be B C