View all questions & answers for the NSE 4 - FortiOS 7.6 Administrator Exam Materials exam


Question 71 Discussion

Refer to the exhibit. Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit. What can you conclude about the signature when adding the FTP.Login.Failed signature to the IPS Sensor profile? (Choose one answer)

  • A. The signature setting includes a group of other signatures.
  • B. FortiGate stores a local copy of the packet that matches the signature.
  • C. FortiGate allows this low-severity signature packet and creates a log.
  • D. The signature setting uses a custom rating threshold.
Correct Answer: B

Brave-Dump Clients Votes

B 80%
C 20%

Comments



Kiko 2025-09-14 13:01:11

Selected Answers: B


Please refer to the Study Guide page 294.
  • Brave-Dumps Admin 2025-09-14 15:16:35
    Partially correct – Packet Logging is enabled, which means FortiGate does store a copy of the packet, but that’s not the main point of the question, as the "Action" setting is more important here.
  • Kiko 2025-09-15 13:30:48
    The action of the signature here is Block which means, as the Study Guide mentions: Select Block to silently drop traffic matching any signature INCLUDED THE ENTRY (always on page 294.)

Kiko 2025-09-14 20:14:38

Selected Answers: B


@Website Admin: The action of the signature here is Block which, as the Study Guide mentions: Select Block to silently drop traffic matching any signature INCLUDED THE ENTRY (always on page 294.)

Nick 2025-10-22 17:04:28

Selected Answers: B


Only possible answer is B as far as I can see. As Kiko states, the action is set to BLOCK which will silently drop traffic matching any of the signatures included in the entry.

Jay gabasa 2025-10-24 04:12:53

Selected Answers: B


How FortiGate evaluates IPS signatures (Study Guide page ~305–308)

“When you add a signature to an IPS sensor, the sensor’s override settings take precedence over the default signature action in the FortiGuard database.”

This means:

The IPS profile’s action (Block) overrides the base signature’s action (Pass).

The signature “FTP.Login.Failed” is still low severity, but because it’s enabled and logging is on, FortiGate blocks it and logs the event (including packet data).

Giacomo Marielli 2025-10-27 17:17:25

Selected Answers: C


In the IPS profile, the FTP.Login.Failed signature has:

Action = Pass → FortiGate allows the traffic to continue.

Packet Logging = Enable → FortiGate logs packets that match the signature.

Severity = Low → It’s a low-priority event, so no blocking occurs.

➡️ In short, FortiGate lets the traffic through but records it in the logs for monitoring or analysis.

Correct answer: ✅ C. FortiGate allows this low-severity signature packet and creates a log.