NSE4 · Question #533
NSE4 Question #533: Real Exam Question with Answer & Explanation
The correct answer is C: Encrypted traffic can be identified by application control.. FortiGate Application Control can identify applications even within encrypted traffic and allows for traffic shaping to be applied to the detected application flows.
Question
Which is the following statement are true regarding application control? (choose two)
Options
- AApplication control is based on TCP destination port numbers.
- BApplication control is proxy based.
- CEncrypted traffic can be identified by application control.
- DTraffic Shaping can be applied to the detected application traffic.
Explanation
FortiGate Application Control can identify applications even within encrypted traffic and allows for traffic shaping to be applied to the detected application flows.
Common mistakes.
- A. While some applications commonly use specific TCP destination port numbers, Application Control identifies applications based on signatures, behavioral analysis, and other methods, not solely on port numbers, as applications can often use non-standard ports or port hopping.
- B. FortiGate Application Control operates primarily using flow-based inspection, processing traffic in real-time, rather than acting as a full proxy for every application, although some application-specific controls might engage proxy-like features for deeper inspection.
Concept tested. FortiGate Application Control capabilities
Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/526725/application-control
Topics
Community Discussion
No community discussion yet for this question.