What are two functions of automation stitches? (Choose two.)
Options:
A.
You can configure automation stitches on any FortiGate device in a Security Fabric environment.
B.
You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
C.
An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.
D.
You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.
Automation stitches in FortiOS allow administrators to automate responses to specific events, such as running diagnostic commands or taking corrective actions when certain thresholds are exceeded.
Diagnostic Commands and Alerts:
Automation stitches can be configured to run diagnostic commands and attach the results to email alerts. This is useful for monitoring and troubleshooting purposes, particularly when CPU or memory usage exceeds set thresholds.
Sequential Execution with Parameters:
When actions are executed sequentially, each action can take parameters from the previous action as input. This enables more complex workflowsand automation sequences where the output of one action influences the next.
References:
Fortinet Documentation: Configuring and using automation stitches(Welcome to the Fortinet Community!)(Hammertux).
Fortinet Community: Automation stitches and their applications in FortiOS(Hammertux)(Fortinet GURU).
Questions # 12:
Which exchange lakes care of DoS protection in IKEv2?
The IKE_SA_INIT exchange is the first step in the IKEv2 negotiation process. It is responsible for setting up the initial security association (SA) and performing Diffie-Hellman key exchange.
During this exchange, the responder may employ various measures to protect against Denial of Service (DoS) attacks, such as rate limiting and the use of puzzles to increase the computational cost for an attacker.
DoS Protection Mechanisms:
One key method involves limiting the number of half-open SAs from any single IP address or subnet.
The IKE_SA_INIT exchange can also incorporate the use of stateless cookies, which help to verify the initiator's legitimacy without requiring extensive resource allocation by the responder until the initiator is verified.
References:
RFC 5996: Internet Key Exchange Protocol Version 2 (IKEv2)(RFC Editor).
RFC 8019: Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks(IETF Datatracker).
