NSE4 Question #361: Real Exam Question with Answer & Explanation

The correct answer is D: Protect against SYN flood attacks.. The SYN proxy feature in FortiGate's SP processors is designed to protect against SYN flood attacks by intercepting and validating TCP handshakes before forwarding them to the destination server.

Submitted by rachelw· Apr 18, 2026Firewall and Authentication

Question

Which statement best describes the objective of the SYN proxy feature available in SP processors?

Options

AAccelerate the TCP 3-way handshake
BCollect statistics regarding traffic sessions
CAnalyze the SYN packet to decide if the new session can be offloaded to the SP processor
DProtect against SYN flood attacks.

Explanation

The SYN proxy feature in FortiGate's SP processors is designed to protect against SYN flood attacks by intercepting and validating TCP handshakes before forwarding them to the destination server.

Common mistakes.

A. While SYN proxy handles the TCP handshake, its primary objective is protection against SYN floods, not general acceleration of the handshake process.
B. Collecting statistics is a general FortiGate function, not the specific objective of the SYN proxy feature.
C. While the SP processor might analyze packets, the core objective of the SYN proxy specifically refers to its role in mitigating SYN flood attacks, not just offloading decisions.

Concept tested. SYN proxy for SYN flood protection

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/fortios-handbook/475176/syn-proxy-and-ack-proxy

Topics

#SYN proxy#DDoS protection#SYN flood

Community Discussion

No community discussion yet for this question.

Full NSE4 Practice Browse All NSE4 Questions