View all questions & answers for the FCSS - Network Security 7.4 Support Engineer Exam Materials exam


Question 17 Discussion

Refer to the exhibit, If the default settings are in place, what can you conclude about the conserve mode shown in the exhibit? (Choose one answer)

  • A. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions
  • B. FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection
  • C. FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use
  • D. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection and is performing inspection on those sessions
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Brave-Dumps Admin 2025-05-12 13:33:16

Selected Answers: A


Study guide page 61 confirms A

"The av-failopen setting defines the action that is applied to any proxy-based inspected traffic while FortiGate is in conserve mode (and as long as the memory usage does not exceed the extreme threshold). This setting also applies to flow-based antivirus inspection. You can configure one of three different actions:

off: All new sessions with content scanning enabled are not passed but FortiGate processes the current active sessions.

pass (default): All new sessions pass without inspection until FortiGate switches back to non-conserve mode.

one-shot: Similar to pass in that traffic passes without inspection. However, it will keep bypassing the antivirus proxy even after it leaves conserve mode. Administrators must either change this setting, or restart FortiGate to restart the antivirus scanning.

However, if memory usage exceeds the extreme threshold, new sessions are always dropped, regardless of the FortiGate configuration."