NSE4 Question #59: Real Exam Question with Answer & Explanation

Question

Which Fortinet products & features could be considered part of a comprehensive solution to monitor and prevent the leakage of senstive data? (Select all that apply.)

Options

• AArchive non-compliant outgoing e-mails using FortiMail.
• BRestrict unofficial methods of transferring files such as P2P using Application Control lists on a
• CMonitor database activity using FortiAnalyzer.
• DApply a DLP sensor to a firewall policy.
• EConfigure FortiClient to prevent files flagged as sensitive from being copied to a USB disk.

Explanation

A comprehensive data leakage prevention solution involves multiple Fortinet products and features, including FortiMail for email archiving, FortiGate Application Control for P2P restrictions, and DLP sensors on firewall policies.

Common mistakes.

• C. FortiAnalyzer is primarily a logging, reporting, and analysis tool for collected logs, not a direct real-time monitor of database activity for preventing leakage; a dedicated database security solution would fulfill that role.
• E. While FortiClient can provide endpoint DLP by preventing sensitive files from being copied to USB, this is a local endpoint control and not a network-level or gateway-level measure that is often emphasized in a comprehensive data leakage prevention strategy covering broader traffic flows.

Concept tested. Data Leakage Prevention (DLP) solutions

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/13360/data-leak-prevention

No community discussion yet for this question.