Which three statements explain a flow-based antivirus profile? (Choose three.)

A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

B. If a virus is detected, the last packet is delivered to the client.

C. The IPS engine handles the process as a standalone.

D. FortiGate buffers the whole file but transmits to the client at the same time.

E. Flow-based inspection optimizes performance compared to proxy-based inspection.

Answer: A,D,E

Explanation:

A: Flow-based inspection mode uses a hybrid of the scanning modes available in proxy-based inspection.

D: The IPS engine reads the payload of each packet, caches a local copy, and forwards the packet to the receiver at the same time. Some operations can be offloaded to SPUs to improve performance (not C).

E: If performance is your top priority, then flow inspection mode is more appropriate.

Extra explanation:

A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection. Flow-based inspection combines aspects of both proxy-based and flow-based inspection methods to optimize performance and scanning effectiveness.

D. FortiGate buffers the whole file but transmits to the client at the same time.

In flow-based inspection, FortiGate buffers the entire file for scanning before transmitting it to the client. This allows for comprehensive scanning without delaying the transmission to the client.

E. Flow-based inspection optimizes performance compared to proxy-based inspection.

Flow-based inspection is generally more efficient than proxy-based inspection, especially in high-traffic environments, as it does not require the buffering of entire files before delivery.
