An administrator has configured the following settings: config system settings set ses-denied-traffic enable end config system global set block-session-timer 30 end What are the two results of this configuration? (Choose two.)
A.
Device detection on all interfaces is enforced for 30 minutes.
B.
Denied users are blocked for 30 minutes.
C.
The number of logs generated by denied traffic is reduced.
D.
A session for denied traffic is created.
Answer:
ab
User Votes:
A 4 votes
50%
B 4 votes
50%
C 6 votes
50%
D 7 votes
50%
Discussions
0/ 1000
deepz142
5 months, 1 week ago
C. The number of logs generated by denied traffic is reduced. D. A session for denied traffic is created.
FortiGate Security 7.2 Study Guide (p.69): "During the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can enable a session table entry of dropped traffic. This creates the denied session in the session table and, if the session is denied, all packets of that session are also denied. This ensures that FortiGate does not have to do a policy lookup for each new packet matching the denied session, which reduces CPU usage and log generation. This option is in the CLI, and is called ses-denied-traffic. You can also set the duration for block sessions. This determines how long a session will be kept in the session table by setting block-sessiontimer in the CLI. By default, it is set to 30 seconds."
Reference and download study guide:
Want to join our community?
Please log in or signup in order to use this feature
C. The number of logs generated by denied traffic is reduced.
D. A session for denied traffic is created.
FortiGate Security 7.2 Study Guide (p.69):
"During the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can enable a session table entry of dropped traffic. This creates the denied session in the session table and, if the session is denied, all packets of that session are also denied. This ensures that FortiGate does not have to do a policy lookup for each new packet matching the denied session, which reduces CPU usage and log generation.
This option is in the CLI, and is called ses-denied-traffic. You can also set the duration for block sessions. This determines how long a session will be kept in the session table by setting block-sessiontimer in the CLI. By default, it is set to 30 seconds."
Reference and download study guide: