NSE4 Question #526: Real Exam Question with Answer & Explanation
The correct answer is A, B, D:
- A. In custom signature, remove unnecessary keywords to reduce how far into the signature tree
- B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols,
- D. In firewall policies where IPS is not needed, disable IPS.
Question
Options
- A. In custom signature, remove unnecessary keywords to reduce how far into the signature tree
- B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols,
- C. In IPS filters, switch from 'Advanced' to 'Basic' to apply only the most essential signatures.
- D. In firewall policies where IPS is not needed, disable IPS.
- E. In firewall policies where IPS is used, enable session start logs.
Explanation
To optimize IPS performance, one should refine custom signatures, selectively disable unneeded signatures and anomaly detection in IPS sensors, and disable IPS on firewall policies where it's not required.
Common mistakes.
- C. There is no standard 'Advanced' to 'Basic' switch for IPS filters that universally applies only the 'most essential signatures'; IPS relies on granular selection or pre-defined sensors for optimization.
- E. Enabling session start logs increases logging overhead and resource consumption, which would reduce performance rather than improve it.
Concept tested. FortiGate IPS performance optimization
Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/178553/ips-best-practices