NSE 7 – Enterprise Firewall 7.0 — Question 48

What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?

Answer options

• A. The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.
• B. The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.
• C. The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.
• D. Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.

Correct answer: A

Explanation

The correct answer is A because the dirty flag indicates that the session has been modified and requires a policy match check. Option B is incorrect as it refers to unknown application categories needing rescanning, which is not related to the dirty flag. Option C is wrong because it discusses URL category updates rather than session entry modifications. Option D is not applicable since it addresses disallowed applications rather than session table updates.