An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?
A. tcp_port_scan
B. ip_dst_session
C. udp_flood
D. ip_src_session
|
Download Printable PDF. VALID exam to help you PASS. |
 |
B is correct, see FortiGate_Infrastructure_6.2_Study_Guide-Online.pdf page 541
B – “Destination signatures look for large volumes of traffic destined for a single IP.” (Page 541 of Security 6.2 Study Guide)
Ans is A.
Question asked for SMTP(TCP) not to Throttle specific IP address. Clearly mentioned TCP session.
Read the question again….it says “…volume of SMTP sessions TO their email server….”
The Correct answer 100% A If addmin want to all traffic reduce answer b or d. snmp packet l4 so tcp_port_scan is correct
check https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Policies/IPv4%20DoS%20Policy.htm
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Security%20Policies/DoS%20Protection.htm +++
The Correct answer 100% A If addmin want to all traffic reduce answer b or d. snmp packet l4 so tcp_port_scan is correct
check https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Policies/IPv4%20DoS%20Policy.htm
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Security%20Policies/DoS%20Protection.htm
B
B i think. cause tcp_port_scan is to detect and block port scanner’s probing attempts.
Fortigate security guide
Yes. Obviously B, since we are trying to limit sessions to a destination.
Why is everyone talking about port_scans when the question says…..”the total volume of SMTP sessions”. We already know SMTP is too busy, the admin wants to reduce this SMTP sessions to a known DESTINATION that is the mail server.
The correct answer is B.