NSE 8 – Network Security Expert (811) — Question 39
A customer has a SCADA environmental control device that is triggering a false-positive IPS alert whenever the Web GUI of the device is accessed. You cannot create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support. You need to prevent the false-positive IPS alerts from occurring.
In this scenario, which two actions will accomplish this task? (Choose two.)
Answer options
- A. Create a URL filter with the Exempt action for that device IP address.
- B. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.
- C. Create a very specific firewall policy for that device IP address which does not perform IPS scanning.
- D. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based.
Correct answer: A, C
Explanation
The correct answers are A and C. Creating a URL filter with the Exempt action will prevent the IPS alerts for that specific device IP, and a specific firewall policy that avoids IPS scanning will also mitigate the false positives. Options B and D do not address the issue directly, as they involve changes to SSL inspection methods, which are irrelevant to the problem at hand with the outdated device.