Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE7_NST-7.2 Topic 4 Question 23 Discussion

Actual exam question for Fortinet's NSE7_NST-7.2 exam
Question #: 23
Topic #: 4
[All NSE7_NST-7.2 Questions]

Which two statements about conserve mode are true? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B

IKE_SA_INIT Exchange:

The IKE_SA_INIT exchange is the first step in the IKEv2 negotiation process. It is responsible for setting up the initial security association (SA) and performing Diffie-Hellman key exchange.

During this exchange, the responder may employ various measures to protect against Denial of Service (DoS) attacks, such as rate limiting and the use of puzzles to increase the computational cost for an attacker.

DoS Protection Mechanisms:

One key method involves limiting the number of half-open SAs from any single IP address or subnet.

The IKE_SA_INIT exchange can also incorporate the use of stateless cookies, which help to verify the initiator's legitimacy without requiring extensive resource allocation by the responder until the initiator is verified.


RFC 5996: Internet Key Exchange Protocol Version 2 (IKEv2) (RFC Editor).

RFC 8019: Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks (IETF Datatracker).

by Tamesha at Mar 18, 2025, 01:29 PM

Limited Time Offer

25%

Off

Get Premium NSE7_NST-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Arlette
24 days ago
Ah, the old FortiGate memory threshold game. B and D are the winners here. Gotta love these networking exam questions!
upvoted 0 times
Valentin
I think B and D are the correct statements about conserve mode.
upvoted 0 times
...
...
Dahlia
25 days ago
Haha, I bet the person who wrote this question was feeling a bit 'extreme' when they came up with it. Anyway, I'm going with B and D.
upvoted 0 times
...
Jaclyn
1 months ago
Hmm, I'm not sure. I thought conserve mode was triggered by the extreme threshold, not the red threshold. This is a tricky one!
upvoted 0 times
Celeste
1 days ago
User 3: So it's C and D then, conserve mode is triggered by extreme threshold and exits when memory goes below green threshold.
upvoted 0 times
...
Lore
2 days ago
User 2: I agree, but I also think option D is true because FortiGate exits conserve mode when memory goes below the green threshold.
upvoted 0 times
...
Vi
18 days ago
User 1: I think option C is correct, conserve mode is triggered by the extreme threshold.
upvoted 0 times
...
...
Sanda
1 months ago
B and D are correct. Conserve mode is triggered when the red threshold is reached, not the extreme threshold. This is a critical distinction to understand.
upvoted 0 times
William
9 days ago
D) FortiGate exits conserve mode when the system memory goes below the configured green threshold
upvoted 0 times
...
Delmy
23 days ago
C) FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.
upvoted 0 times
...
Giuseppe
28 days ago
B) FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.
upvoted 0 times
...
Corrie
1 months ago
A) FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.
upvoted 0 times
...
...
Ena
2 months ago
I'm not sure about statement B, but I think it makes sense that FortiGate takes action for new sessions needing content inspection at high memory levels.
upvoted 0 times
...
Luisa
2 months ago
I agree with you, Pa. I also believe statement C is true because conserve mode is activated at extreme memory levels.
upvoted 0 times
...
Pa
2 months ago
I think statement A is true because FortiGate drops new sessions when memory is high.
upvoted 0 times
...

Save Cancel