FCP – FortiGate Administrator 7.4 — Question 49

A FortiGate administrator is required to reduce the attack surface on the SSL VPN portal.

Which SSL timer can you use to mitigate a denial of service (DoS) attack?

Answer options

• A. SSL VPN dtls-hello-timeout
• B. SSL VPN http-request-header-timeout
• C. SSL VPN login-timeout
• D. SSL VPN idle-timeout

Correct answer: B

Explanation

The SSL VPN http-request-header-timeout setting is specifically designed to limit the time a request can take, thus helping to prevent DoS attacks by terminating unresponsive connections. The other options, while related to SSL VPN settings, do not directly address the timing of HTTP requests and are less effective in mitigating DoS threats.