View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


Question 31 Discussion

Which action can you take on FortiGate to block traffic using intrusion prevention system (IPS) protocol decoders, focusing on network transmission patterns and application signatures? (Choose one answer)

  • A. Use the DNS filter to block application signatures and protocol decoders.
  • B. Use application control to limit non-URL-based software handling.
  • C. Enable inspect all ports in flow mode.
  • D. Enable application detection-based SD-WAN rules.
Correct Answer: B

Brave-Dump Clients Votes

B 66.67%
C 33.33%

Comments



Fatma Salih 2025-11-26 22:16:48

Selected Answers: C


C makes more sense

Mahmoud Mohammedali 2025-12-08 10:05:51

Selected Answers: C


C. Enable inspect all ports in flow mode

Explanation:
- Intrusion Prevention System (IPS) on FortiGate uses protocol decoders and application signatures to detect and block malicious traffic patterns.
- By default, IPS inspection may only occur on well-known ports. Enabling "Inspect All Ports" ensures that IPS can analyze traffic across all ports, which is crucial for detecting threats that use non-standard ports or evade traditional port-based filtering.
- This setting works in flow mode, which is optimized for performance while still providing deep inspection.


A. DNS filter: Focuses on domain-based filtering, not IPS protocol decoders.
B. Application control: Controls application usage but does not directly leverage IPS protocol decoders.
D. SD-WAN rules: These are for traffic steering and performance, not IPS threat detection.

Anonymous User 2025-12-26 18:12:33

Selected Answers: B


B. Use Application Control to limit non-URL-based software handling.

Why it’s B (and not C)
Application Control is the feature designed to identify applications by signatures/behavior, and it relies on protocol decoders (the same decoding logic used by IPS) to recognize apps even when they use non-standard ports. Once the application is identified, Application Control can block it directly with an Application Control profile/sensor.
That matches the wording: “protocol decoders… transmission patterns… application signatures” → Application Control.

C. “Inspect all ports in flow mode” is not the blocking mechanism the question is describing.
It’s an inspection scope setting: it tells the inspection engine to look beyond default ports so traffic can’t evade detection by switching ports. It can help detection, but it doesn’t specifically mean blocking traffic based on application signatures via protocol decoders. The question is asking for the feature/action that performs that signature-based blocking, which is Application Control.

In one line:
true. B blocks by application signature/decoder detection.
false. C only broadens inspection to all ports; it’s not the specific “block by app signature” control.

Adam 2026-01-19 08:33:32

Selected Answers: B


From Study Guide:
"Application control operates solely with flow-based inspection and identifies applications through their transmission patterns, using application signatures and protocol decoders, as well as rate-based IPS signatures to spot anomalies."

"flow-based inspections assess all ports, regardless of protocol port-mapping settings"

Mattia Bruno 2026-03-04 10:50:58

Selected Answers: B


transmission patterns are what application control do.
B

Anonymous User 2026-03-06 14:41:56

Selected Answers: B


B is correct. Page 171 of Study guide.