FortiGate Conserve Mode Quiz

Questions and Answers

What is the first step in optimizing memory use on FortiGate devices?

• Disable unnecessary features (correct)
• Reduce the DNS cache
• Reduce the session TTL
• Reduce the FortiGuard cache TTL

What is the default maximum file size to inspect on FortiGate devices?

• 3 MB
• 5 MB
• 2 MB
• 10 MB (correct)

What is the recommended maximum file size to inspect on FortiGate devices?

• 5 MB
• 10 MB
• 2 MB (correct)
• 3 MB

What is the default session TTL for TCP traffic on FortiGate devices?

3600 seconds (C)

What is the default session TTL for UDP traffic on FortiGate devices?

180 seconds (C)

What is the recommended session TTL for all traffic on FortiGate devices?

300 seconds (B)

What is the purpose of reducing the FortiGuard cache TTL on FortiGate devices?

To increase the amount of available memory (C)

What is the purpose of reducing the DNS cache TTL on FortiGate devices?

To reduce memory allocation to the DNS cache (A)

What is the purpose of reducing the session TTL on FortiGate devices?

To increase the amount of available memory (B)

What is the recommended session TTL for each firewall policy on FortiGate devices?

300 seconds (B)

What does the tcp-halfopen-timer control?

How long a session without SYN-Ack remains in the table after a SYN packet (A)

What is the default value for tcp-halfclose-timer?

120 (B)

What is the purpose of reducing TCP session timers?

To optimize memory use (C)

How can you set the session-ttl option?

Using the CLI (B)

What is the purpose of tcp-timewait-timer?

Controls how long a session remains in the table after a FIN-Ack packet (D)

Can you reduce TCP session timers without causing problems to applications?

Yes (B)

What is the recommended value for tcp-halfopen-timer?

8 (A)

What is the purpose of tcp-halfclose-timer?

Controls how long a session remains in the table after a FIN packet without FIN-Ack (D)

What is the default value for tcp-timewait-timer?

1 (A)

What is the purpose of a closed session remaining in the session table for a few seconds more?

To allow any out-of-sequence packet (D)

Which command can be used to identify if a FortiGate device is currently in conserve mode?

diagnose hardware sysinfo conserve (A)

What happens when the kernel cannot allocate more memory pages?

The oldest sessions are deleted (A)

What is the purpose of the command 'diagnose sys session stat'?

To display the number of sessions deleted by the kernel (C)

What is an ephemeral session?

A session that is not fully established (D)

What is the purpose of FortiOS setting a limit on the total number of ephemeral sessions?

To prevent DOS attacks (A)

What are some common types of DOS attacks that involve ephemeral sessions?

UDP sessions with only one packet (A)

What is the maximum number of ephemeral sessions that can exist at the same time in the session table?

It depends on the device model (D)

What happens when the number of ephemeral sessions increases abnormally during a DOS attack?

The oldest sessions are deleted (D)

What is the purpose of FortiGate's mechanism to protect memory use against DOS attacks?

To protect against some forms of DOS attacks (B)

Which type of session is categorized as ephemeral?

A TCP session that is not fully established (B)

Flashcards are hidden until you start studying