NSE 4 – FortiGate 7.0 — Question 45

Which two statements about antivirus scanning mode are true? (Choose two.)

Answer options

• A. In proxy-based inspection mode, files bigger than the buffer size are scanned.
• B. In flow-based inspection mode, files bigger than the buffer size are scanned.
• C. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
• D. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.

Correct answer: C, D

Explanation

The correct answers are C and D because, in flow-based inspection mode, FortiGate does indeed buffer the file while transmitting it, which allows for efficient handling of file transfers. In proxy-based inspection mode, the entire file is buffered for scanning before being sent to the client, ensuring that threats are detected before any data is delivered. Options A and B are incorrect as they misrepresent how files larger than the buffer size are handled in these modes.