NSE 4 – FortiGate 7.2 — Question 3

An administrator has configured the following settings:
config system settings
set ses-denied-traffic enable
end
config system global
set block-session-timer 30
end
What are the two results of this configuration? (Choose two.)

Answer options

• A. Device detection on all interfaces is enforced for 30 minutes.
• B. Denied users are blocked for 30 minutes.
• C. The number of logs generated by denied traffic is reduced.
• D. A session for denied traffic is created.

Correct answer: C, D

Explanation

The correct answers are C and D because enabling 'ses-denied-traffic' results in logging denied traffic, which reduces the overall number of logs generated. Additionally, the session for denied traffic is created to manage those connections, allowing for better tracking and control of denied sessions. Options A and B do not apply as they incorrectly describe the session management and user blocking mechanisms.