FCSS – Enterprise Firewall Administrator 7.6 — Question 4

Which action can you take on FortiGate to block traffic using intrusion prevention system (IPS) protocol decoders, focusing on network transmission patterns and application signatures?

Answer options

• A. Enable inspect all ports in flow mode
• B. Use application control to limit non-URL-based software handling.
• C. Enable application detection-based SD-WAN rules.
• D. Use the DNS filter to block application signatures and protocol decoders.

Correct answer: B

Explanation

The correct answer is B because application control specifically targets non-URL-based software, allowing for more precise management of application traffic. Options A and C are more about traffic flow and SD-WAN policies rather than directly blocking traffic based on application signatures. Option D misuses DNS filtering, which is not designed to block application signatures or protocol decoders.