NSE4 · Question #275
Question
An administrator is examining the attack logs and notices the following entry:

device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect-servers tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A

Based solely upon this log message, which of the following statements is correct?
Options
- A. This attack was blocked by the HTTP protocol decoder.
- B. This attack was caught by the DoS sensor "protect-servers".
- C. This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate.
- D. The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the