An administrator has configured the following settings: config system settings set ses-denied-traffic enable end config system global set block-session-timer 30 end What are the two results of this configuration? (Choose two answers)

A. Denied users are blocked for 30 minutes.
B. A session for denied traffic is created.
C. Session helpers are disabled for denied traffic.
D. The number of logs generated by denied traffic is reduced.

Correct Answer: B,D

Brave-Dump Clients Votes

BD 100%

Comments

Brave-Dumps Admin 2025-06-18 13:18:24

Selected Answers: B, D

Dear SP, Thank you for sharing your experience in brave-dumps community!

Answer B & D is correct 100%
As per Fortigate 7.6 Admin page 62: "During the session, if a security profile detects a violation, FortiGate records the attack log immediately. To
reduce the number of log messages generated and improve performance, you can enable a session table
entry of dropped traffic. This creates the denied session in the session table and, if the session is denied, all
packets of that session are also denied. This ensures that FortiGate does not have to perform a policy lookup
for each new packet matching the denied session, which reduces CPU usage and log generation.
The CLI command is ses-denied-traffic. You can also set the duration for block sessions. This
determines how long a session will be kept in the session table by setting block-session-timer in the
CLI. By default, it is set to 30 seconds"

You can download All Fortinet study guides in free from here: https://brave-dumps.com/study-and-lab-guides

A is not correct, the timer config is by seconds not minutes as mentioned on the question

Mahboab Ali Ghaleb 2025-07-12 03:25:52

Selected Answers: B, D

correct

Brave-Dumps Admin 2025-07-12 23:26:55
Thanks, Mahboab for your comment!