A company wants to protect against Denial of Service attacks and has launched a new project. They want to block the attacks that go above a certain threshold and for some others they are just trying to get a baseline of activity for those types of attacks so they are letting the traffic pass through without action. Given the following:
– The interface to the Internet is on WAN1.
– There is no requirement to specify which addresses are being protected or protected from.
– The protection is to extend to all services.
– The tcp_syn_flood attacks are to be recorded and blocked.
– The udp_flood attacks are to be recorded but not blocked.
– The tcp_syn_flood attack’s threshold is to be changed from the default to 1000.
The exhibit shows the current DoS-policy.
Which policy will implement the project requirements?
A)
B)
C)
D)
http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Examples/Example-%20DoS%
A.
Option A
B.
Option B
C.
Option C
D.
Option D
Explanation:
B&D both have same policy which fulfills the above criteria.
20Policy.htm