Fortinet Exam NSE8_811 Topic 1 Question 19 Discussion

Actual exam question for Fortinet's NSE8_811 exam

Question #: 19
Topic #: 1

A customer has a SCADA environmental control device that is triggering a false-positive IPS alert whenever the Web GUI of the device is accessed. You cannot create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support. You need to prevent the false positive IPS alerts from occurring.

In this scenario, which two actions will accomplish this task? (Choose two.)

ACreate a URL filter with the Exempt action for that device IP address.

BChange the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.

CCreate a very specific firewall policy for that device IP address which does not perform IPS scanning.

DReconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based.

Show Suggested Answer

Suggested Answer: A, C

by Vallie at May 09, 2022, 06:38 AM

Limited Time Offer

25%

Off

Get Premium NSE8_811 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!