Given the information shown in the output, which two statements are correct?

NSE8_812 V2 0 Comments

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)
A . Geographical IP policies are enabled and evaluated after local techniques.
B . Attackers can be blocked before they target the servers behind the FortiWeb.
C . The IP Reputation feature has been manually updated
D . An IP address that was previously used by an attacker will always be blocked
E . Reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored

Answer: BE

Explanation:

The CLI output shown in the exhibit indicates that FortiWeb has enabled IP Reputation feature with local techniques enabled and geographical IP policies enabled after local techniques (set geoip-policy-order after-local). IP Reputation feature is a feature that allows FortiWeb to block or allow traffic based on the reputation score of IP addresses, which reflects their past malicious activities or behaviors. Local techniques are methods that FortiWeb uses to dynamically update its own blacklist based on its own detection of attacks or violations from IP addresses (such as signature matches, rate limiting, etc.). Geographical IP policies are rules that FortiWeb uses to block or allow traffic based on the geographical location of IP addresses (such as country, region, city, etc.). Therefore, based on the output, one correct statement is that attackers can be blocked before they target the servers behind the FortiWeb. This is because FortiWeb can use IP Reputation feature to block traffic from IP addresses that have a low reputation score or belong to a blacklisted location, which prevents them from reaching the servers and launching attacks. Another correct statement is that reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored. This is because FortiWeb can use local techniques to remove IP addresses from its own blacklist if they stop sending malicious traffic for a certain period of time (set local-techniques-expire-time), which allows them to regain their reputation and access the servers. This is useful for IP addresses that are dynamically assigned by DHCP or PPPoE and may change frequently. References:

https://docs.fortinet.com/document/fortiweb/6.4.0/administration-guide/19662/ip-reputation

https://docs.fortinet.com/document/fortiweb/6.4.0/administration-guide/19662/geographical-ip-policies

Latest NSE8_812 Dumps Valid Version with 60 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download NSE8_812 PDF     NSE8_812 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments