NSE 4 – FortiGate 6.0 — Question 41

What files are sent to FortiSandbox for inspection in flow-based inspection mode?

Answer options

• A. All suspicious files that do not have their hash value in the FortiGuard antivirus signature database.
• B. All suspicious files that are above the defined oversize limit value in the protocol options.
• C. All suspicious files that match patterns defined in the antivirus profile.
• D. All suspicious files that are allowed to be submitted to FortiSandbox in the antivirus profile.

Correct answer: C

Explanation

The correct answer is C because flow-based inspection mode sends files for analysis if they match specific patterns outlined in the antivirus profile. Options A and B are incorrect as they refer to hash values and size limits, respectively, which do not determine the files sent to FortiSandbox in this context. Option D is misleading since it implies a broader set of criteria rather than the specific pattern matching required.