Antivirus Flashcards

1
Q

What is the order of scanning operations for antivirus?

A

Antivirus scan (exact match)
Grayware (unwanted program)
AI Scan (new, unknown)

2
Q

What are the two Antivirus Signature Databases?

A

Extended: default (signatures for viruses in the most recent months)

Extreme: all known viruses, including support for old operating systems (not available on all models)

3
Q

What does CDR stand for?

A

Content disarm and reconstruction

4
Q

For AV, what is the difference between default scan mode and the legacy scanning mode?

A

Default mode enhances the scanning of nested archive files without buffering the container file, whereas legacy mode buffers the whole container file and then scans it.

5
Q

How do packets flow in flow-based inspection mode?

A

Packets are buffered and forwarded to the host, except the last packet. The FTG sends all the packets to the IPS engine, which reassembles the file and passes it to the AV engine; if no virus is found, the last packet is sent to the host. If a virus is found, the last packet is not sent and the connection is truncated.

6
Q

Do clients have to wait for the AV scan to finish in proxy inspection mode?

A

Yes; however, you can turn on client comforting to pass a block or two so that the connection is kept open.

7
Q

How does buffering work in Proxy Mode Inspection for AV?

A

The entire file is buffered before it is scanned.

8
Q

What is stream-based AV scanning?

A

It decompresses large files and scans and extracts them at the same time. Viruses are detected even if they are in the middle or towards the end of a large archive.

9
Q

What must be configured to enable proxy-based AV inspection?

A

You must select proxy-based inspection in both the AV profile and the firewall policy.

10
Q

What additional AV scanning options are available if using proxy AV scanning mode?

A

MAPI and SSH inspection
Sanitizing MS Office and PDF files with CDR

11
Q

By default, what does FortiOS do with oversized files?

A

It does not scan them.

12
Q

Can FTG decompress password-protected archive files?

A

No.

13
Q

By default, how many layers of compression will FTG scan for viruses?

A

12

14
Q

Does Fortinet recommend SSL/SSH deep inspection for AV scanning?

A

Yes.

15
Q

Which FTG models can offload flow-based AV scanning?

A

Models that feature Turbo (NP6 or NP7).

16
Q

What can CP8 or CP9 content processors offload?

A

Flow-based pattern matching and SSL inspection.

17
Q

What command can you use to check if the AV DB is updated?

A

execute update-av
