FortiGate Conserve Mode Quiz
30 Questions
2 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the first step in optimizing memory use on FortiGate devices?

  • Disable unnecessary features (correct)
  • Reduce the DNS cache
  • Reduce the session TTL
  • Reduce the FortiGuard cache TTL
  • What is the default maximum file size to inspect on FortiGate devices?

  • 3 MB
  • 5 MB
  • 2 MB
  • 10 MB (correct)
  • What is the recommended maximum file size to inspect on FortiGate devices?

  • 5 MB
  • 10 MB
  • 2 MB (correct)
  • 3 MB
  • What is the default session TTL for TCP traffic on FortiGate devices?

    <p>3600 seconds</p> Signup and view all the answers

    What is the default session TTL for UDP traffic on FortiGate devices?

    <p>180 seconds</p> Signup and view all the answers

    What is the recommended session TTL for all traffic on FortiGate devices?

    <p>300 seconds</p> Signup and view all the answers

    What is the purpose of reducing the FortiGuard cache TTL on FortiGate devices?

    <p>To increase the amount of available memory</p> Signup and view all the answers

    What is the purpose of reducing the DNS cache TTL on FortiGate devices?

    <p>To reduce memory allocation to the DNS cache</p> Signup and view all the answers

    What is the purpose of reducing the session TTL on FortiGate devices?

    <p>To increase the amount of available memory</p> Signup and view all the answers

    What is the recommended session TTL for each firewall policy on FortiGate devices?

    <p>300 seconds</p> Signup and view all the answers

    What does the tcp-halfopen-timer control?

    <p>How long a session without SYN-Ack remains in the table after a SYN packet</p> Signup and view all the answers

    What is the default value for tcp-halfclose-timer?

    <p>120</p> Signup and view all the answers

    What is the purpose of reducing TCP session timers?

    <p>To optimize memory use</p> Signup and view all the answers

    How can you set the session-ttl option?

    <p>Using the CLI</p> Signup and view all the answers

    What is the purpose of tcp-timewait-timer?

    <p>Controls how long a session remains in the table after a FIN-Ack packet</p> Signup and view all the answers

    Can you reduce TCP session timers without causing problems to applications?

    <p>Yes</p> Signup and view all the answers

    What is the recommended value for tcp-halfopen-timer?

    <p>8</p> Signup and view all the answers

    What is the purpose of tcp-halfclose-timer?

    <p>Controls how long a session remains in the table after a FIN packet without FIN-Ack</p> Signup and view all the answers

    What is the default value for tcp-timewait-timer?

    <p>1</p> Signup and view all the answers

    What is the purpose of a closed session remaining in the session table for a few seconds more?

    <p>To allow any out-of-sequence packet</p> Signup and view all the answers

    Which command can be used to identify if a FortiGate device is currently in conserve mode?

    <p>diagnose hardware sysinfo conserve</p> Signup and view all the answers

    What happens when the kernel cannot allocate more memory pages?

    <p>The oldest sessions are deleted</p> Signup and view all the answers

    What is the purpose of the command 'diagnose sys session stat'?

    <p>To display the number of sessions deleted by the kernel</p> Signup and view all the answers

    What is an ephemeral session?

    <p>A session that is not fully established</p> Signup and view all the answers

    What is the purpose of FortiOS setting a limit on the total number of ephemeral sessions?

    <p>To prevent DOS attacks</p> Signup and view all the answers

    What are some common types of DOS attacks that involve ephemeral sessions?

    <p>UDP sessions with only one packet</p> Signup and view all the answers

    What is the maximum number of ephemeral sessions that can exist at the same time in the session table?

    <p>It depends on the device model</p> Signup and view all the answers

    What happens when the number of ephemeral sessions increases abnormally during a DOS attack?

    <p>The oldest sessions are deleted</p> Signup and view all the answers

    What is the purpose of FortiGate's mechanism to protect memory use against DOS attacks?

    <p>To protect against some forms of DOS attacks</p> Signup and view all the answers

    Which type of session is categorized as ephemeral?

    <p>A TCP session that is not fully established</p> Signup and view all the answers

    More Like This

    Quiz
    20 questions

    Quiz

    VisionarySugilite avatar
    VisionarySugilite
    Use Quizgecko on...
    Browser
    Browser