Thursday, February 14, 2019

Securing the Widening Attack Surface of Healthcare Today - Fortinet Certifications


The Problem of Data


Medical patient records are at an all-time high valuation on the Dark Web. As we all know, healthcare records are different because of the permanence of the data. This gives cybercriminals plenty of time to use patient information for financial gain, such as selling complete ID theft packages, using plastic surgery details for ransom, or socially engineering individuals for further attack.

But there are other potential uses that get more interesting and have potentially deeper ramifications.

We are experiencing an increase of medical costs and a challenge to find readily available, top-quality healthcare for patients with lower income or minimal healthcare plans. With this in mind, patient records could be used to obtain healthcare with a false recipient masquerading as a valid patient. The false recipient can immediately remit supplemental costs such as copays for treatment and medications, thus stealthily leveraging the health plan to obtain the desired healthcare. Valid patients might not notice the fraud, particularly if they have relatively constant care events that bury illegal periodic usage in the resulting flurry of associated billing and resolution notifications. The loss would be passed to the insurance company or government assistance program, negatively impacting all participants.

A darker side to this same potential issue lies in the fact that patient data is becoming more transportable and shared among medical professionals. Now imagine that same false recipient being treated for what might seem to be a somewhat medically mundane condition, such as hyperglycemia. If the valid patient gets involved in a car accident, their emergency care could be changed to accommodate the false recipient’s current suite of treatments due to this shared pool of information. It creates an unexpected consequence to the valid patient as a result of the false recipient’s data being used to provide incorrect treatment to the valid patient. Ironically, the same thing could happen in reverse. The false recipient could receive incorrect care as well, with similar potential legal ramifications.

The Widening, Thinning Attack Surface


Organizations used to rely on a handful of primary technologies that were deeply deployed. Imagine these dozen or so technologies as rather tall cylinders. The top surface areas are relatively confined, which we can imagine as representing the attack surface for this exercise.

Now imagine adding more technologies. Cloud is an excellent example. We will implement a cloud instance, but only use it for a piece of our business we don’t care too much about…possibly a non-critical data manipulation system. Now we have two architectures where there used to be one. Now another solution is embraced, such as a hybrid public/private cloud, and we throw some critical operations in that so they can be more closely monitored. Now we have three architectures where there was one. We add a few business partner clouds, shuffle some regulatory pieces to new cloud implementations, and now we have several infrastructures where there was once a single one.  Our attack surface has thinned out and become much broader. We are more susceptible to attack.

Here is another example. Healthcare organizations, particularly hospitals, are heavy users of IoT devices. Devices allow patients to be remotely monitored and treated using implanted devices. Inside the hospital, a wide range of IoT devices are connected and freely communicating to the hospital staff, medical records and scheduling systems, and other pieces of the patient care puzzle. IoT device vendors and manufacturers are also in communication with the devices, creating an ever-widening attack surface. The surety and safety of a device’s operations is entirely dependent on how it was developed and tested, creating potential exposure. Was security integrated throughout development or simply bolted on prior to deployment into customer environments? With a thinning attack surface, the ramifications are clearly apparent.

Now we can add virtualization and the impact of it to our ever broadening, thinning attack surface. We stand up and tear down server environments at a whim, or use SD-WAN and micro segmentation to create smaller subnetworks to suit regulatory or operational needs. Applications are also used only when needed, often residing outside of our infrastructure with associated data repositories potentially located anywhere on the planet.

Digital transformation provides the fastest method of responding to business and customer needs, but the individual methods and technologies used to gain that advantage also cause our attack surface to expand.

Think of contained infrastructure as a bucket of oil. We can readily define the edges providing containment. Now think of that bucket of oil poured on a large body of water. While doing something like that is simply terrible from an ecological perspective, it is a good analogy for what happens when we adopt a wider range of disparate technologies that we actually deploy less of on a per-technology basis.

The attack surface expands and gets thinner. The technology cylinders we described earlier get flatter and wider. We have a harder time defining the edges. Identifying and managing attacks becomes more difficult.

Disparate Technology, Shrinking Resources


The number of security professionals in the workforce is at an all-time high. Unfortunately, a large reason for this is the high demand, which caused a large influx of relatively inexperienced resources to enter the security profession. It is still difficult to locate, hire, and retain highly competent technical security talent. That in and of itself is certainly an issue, but not necessarily the core problem.

The true cause of concern is largely due to disparate security systems. We often look for best-of-breed instead of best-of-need security implementations. While the latest and greatest might appear to be the panacea of our sleepless nights, we often find ourselves with larger operational support issues as a result of spending on these new single security tools. We have more disparate technologies than we can reasonably manage, and getting a unified status or view of what we are trying to protect is almost impossible.

A Logical Approach


Security professionals cannot continue to increase operational security complexity in hopes of containing consequence. This simply mirrors the very cause of the problem. Adding disjointed security technologies that result in knowledge and awareness gaps actually copies the root cause of our challenges. We also waste our scarce and valuable technical security resources trying to remedy the situation – that we basically created!

Viable security management requires the focused use of advanced capabilities such as completely integrated controls management, automated known and unknown threat response, tools that perform according to spec and are independently validated, and the ability to integrate security solutions. If we are to be successful, the complexity of the protected asset base must be operationally simplified from the security perspective. 

The ability to create the capability to outpace cybercriminal efforts can be realized with a security architecture capable of providing end-to-end visibility, rapid threat intelligence sharing, and simplified policy enforcement throughout a wide range of architectural domains. These types of capabilities, coupled with greater speed to detect, analyze, and resolve attacks, have never been more critical for protecting infrastructure and information and our success as security professionals.

Look for technical security solutions that can easily communicate between themselves and provide an accurate, focused view into the operational environment. Solutions that readily integrate with the critical security capabilities, tools, and services your organization requires to stay competitive. Solutions that provide a readily expandable fabric approach to secure the ever-broadening attack surface, delivering instant scaling capabilities.

Our security challenges are as daunting as ever. A truly effective security strategy for today’s CISO must be based on a truly integrated security portfolio that has the flexibility to adapt to the ever increasing complexity of today’s IT environment and very determined cybercriminals. 

Our experts say about Fortinet Certification Exams



Wednesday, January 30, 2019

Seeing and Addressing Insider Threats Across Your Distributed Network


Hackers, cybercriminals, malware infections, and other external threats dominate the headlines. And for good reason. The loss of millions of data records as part of a security breach now seems to be a common occurrence. And as we move towards an integrated digital economy, the impact of a massive or coordinated cyberattack could have devastating consequences.

But the reality is, the vast majority of cyberattacks still fall below the radar. While we don’t see or hear about them, smaller, targeted attacks were responsible for the majority of the $600 billion lost to cyberattacks last year. Even less well understood is that nearly half of data breaches and system compromises come from within an organization rather than from an outside source. Of these, nearly half are intentional, while the rest are accidental.

From a security perspective, protecting against an insider compromise is quite different from defending against an external network attack. Gaining access to vulnerable devices and systems or escalating network privilege are also generally much easier to perform from the inside. Many security systems simply don’t pay that much attention to what a known user is doing—especially in an environment built around implicit trust, or one where the majority of security resources are focused on perimeter control.

Identifying Potential Insider Threats


Enterprises can get a step ahead of insider threats by identifying not just insider actions that compromise resources, but also by identifying those people likely to perform such actions. There are two types of insider who represent a risk to your organization:

Type A – Malicious Actors

These individuals are willing to put an enterprise at risk for a number of reasons. These can include personal gain, the desire to take revenge against a perceived injustice—such as being overlooked for a promotion or having a bad manager, political motivations, or industrial espionage funded by a nation-state or competitor.

Insider attacks can result in the theft of valuable data and Intellectual Property (IP), the exposure of potentially embarrassing or proprietary data to the public or competitors, and hijacking or sabotaging databases and servers. Customer and employee information, including personally identifiable information (PII) and personal health information (PHI), are favorite targets because they have the highest resale value on the Dark Web. Intellectual property (IP) and payment card information are the next most popular types of data to steal.

With a more traditional external attack, abnormal data flows due to rapid data exfiltration to an unusual destination can be hard to disguise. Activities may be in conflict with an enterprise security policy, happen at a strange time, originate from a strange access point, show movement to an unusual network address, or include an unexpectedly high volume of data. Any of these should trigger a security response that could shut down an active breach.

But because insiders already have continuous and trusted access, attacks and data exfiltration can happen over time, giving an attacker more time to plan his strategy, cover his tracks, disguise data so it is difficult or impossible for security tools to identify, and keep data movement below the threshold of detection. Many users can also take advantage of inconsistent security enforcement across ecosystems by moving data between core and multi-cloud environments to outrun detection.
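The contrast described above, between point-in-time indicators (odd hour, oversized transfer) and an insider who stays under each of them, shown as an added example that is not part of the original post. The log format, user names, approved-destination list, thresholds, and every record are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, user, destination, bytes sent.
SAMPLE_LOG = """\
2019-01-07T10:15:00 alice files.corp.example 400000000
2019-01-07T23:40:00 bob 203.0.113.50 900000000
2019-01-08T09:05:00 carol 198.51.100.7 45000000
2019-01-09T14:20:00 carol 198.51.100.7 45000000
2019-01-10T11:00:00 carol 198.51.100.7 45000000
2019-01-11T16:45:00 carol 198.51.100.7 45000000
2019-01-14T10:30:00 carol 198.51.100.7 45000000
2019-01-15T13:10:00 carol 198.51.100.7 45000000
"""

# Assumed policy values for this example only.
APPROVED_DESTS = {"files.corp.example"}   # sanctioned internal file service
WORK_HOURS = (8, 18)                      # 08:00 to 17:59 local time
PER_EVENT_LIMIT = 100_000_000             # bytes allowed in one transfer
WINDOW = timedelta(days=7)                # look-back period per user
WINDOW_BUDGET = 200_000_000               # bytes allowed per user per window


def parse(log_text):
    """Turn whitespace-separated log lines into time-ordered event tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, dest, size = line.split()
        events.append((datetime.fromisoformat(ts), user, dest, int(size)))
    return sorted(events)


def per_event_alerts(events):
    """Point-in-time checks: one oversized or off-hours transfer."""
    alerts = []
    for ts, user, dest, size in events:
        if dest in APPROVED_DESTS:
            continue
        reasons = []
        if size > PER_EVENT_LIMIT:
            reasons.append("volume")
        if not WORK_HOURS[0] <= ts.hour < WORK_HOURS[1]:
            reasons.append("off-hours")
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts


def cumulative_alerts(events):
    """Sliding-window total per user across all non-approved destinations.

    Returns {user: (time the budget was first exceeded, bytes in window)}.
    """
    recent = defaultdict(deque)   # user -> deque of (timestamp, size)
    totals = defaultdict(int)     # user -> bytes currently inside the window
    first_alert = {}
    for ts, user, dest, size in events:
        if dest in APPROVED_DESTS:
            continue
        window = recent[user]
        window.append((ts, size))
        totals[user] += size
        # Drop transfers that have aged out of the look-back period.
        while ts - window[0][0] > WINDOW:
            totals[user] -= window.popleft()[1]
        if totals[user] > WINDOW_BUDGET and user not in first_alert:
            first_alert[user] = (ts, totals[user])
    return first_alert


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for user, ts, reasons in per_event_alerts(events):
        print("per-event ", user, ts.isoformat(), ",".join(reasons))
    for user, (ts, total) in cumulative_alerts(events).items():
        print("cumulative", user, ts.isoformat(), total)
```

In the constructed data, the per-event checks see only bob's single large late-night transfer, while carol's daily 45 MB transfers during working hours surface only through the per-user window total.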

Type B - Negligence

It is not unusual for organizations to give certain users more privilege than they have skill to manage. An executive who insists on being given escalated privilege to a database, for example, can do something as simple as change a field length and cause critical applications to malfunction. Whether such users are unaware of basic precautions for handling sensitive applications or information, are error-prone, or are simply careless, for the most part they do not intend to do harm.

Data loss or exposure, however, does not have to be the result of the improper granting of privilege. Losing mobile devices, laptops, or thumb drives, failing to wipe discs and hard drives on discarded hardware, or even giving away business information when chatting on social networks, can result in mistakes that can be as costly as the deliberate attacks of others.

Addressing your Internal Risk


Organizations need complete visibility of their data flow—they need to know who is accessing what data, where, and when, including in core, multi-cloud, or SD-WAN environments. Security teams also especially need to identify and categorize risky users, including executives, administrators, and super users who have access to sensitive information and privilege, and to maintain and monitor a list of everyone who can access critical data, resources, and applications.

By putting controls in place to help security staff spot attacks earlier, you can begin to create an effective insider threat program. For example, you should be carefully watching for things like privilege escalation; applications, probes, and traffic moving outside of their normal parameters; and unusual traffic patterns of applications and workflows, especially between different network domains.

Behavioral analytics need to see across the distributed network to intelligently flag abnormal incidents and immediately report them to security personnel. Moving to a zero trust model and implementing strict internal segmentation can prevent the sort of lateral movement across the network that many attacks require. And protocols need to be put in place so that priority alerts are seen right away without swamping security teams with a deluge of low-level information.

Things to watch for include:

Unauthorized use of IT resources and applications


  • Employees using personal clouds for corporate information
  • Rogue use of shadow IT
  • Accessing, sharing, or distributing PII
  • Installing unapproved and unlicensed software
  • Unauthorized use of restricted applications, including network sniffing and remote desktop tools


Unauthorized transfer of data


  • Using removable media to store or move data
  • Unauthorized copying of business-critical data to a cloud or web service
  • Transferring files to and from unusual destinations
  • Moving files using instant messenger or social media applications


Misuse, abuse, and malicious behavior


  • Misusing file system admin rights
  • Disabling or overriding endpoint security products
  • Using password stealing tools
  • Accessing the Dark Web


Prevention is a Critical First Step


Prevention of problems can also be taken a step further by creating workplace conditions that encourage good employee behavior.

For example, employees may seek to leave an organization and take confidential information with them when salary levels, career prospects, or other aspects of their job are below certain measurable levels of satisfaction. Measuring and responding to levels of employee satisfaction, therefore, is a key part of preventing insider security risks. A regular information security awareness program coordinated between HR and IT can help reduce careless behavior.

Conclusion


The risk of insider threats is often bigger than we think, especially as networks become larger and more complex. Carelessness and malicious intent are the two major causes, but both can be mitigated. Solutions to improving awareness and careful information handling include training and awareness, and the monitoring of privileged users and critical data across the distributed network, from the core to the cloud. This needs to be combined with dynamic network segmentation and the integration of security tools into a single fabric, including advanced behavioral analytics.

These technical solutions are only half of the answer. Creating and maintaining attractive working conditions also goes a long way to preventing malicious behavior. Remember that salary is just one factor, and not always the critical one. A sense of ownership, team comradery, and creating the sense that your employees are performing a vital task can be just as important as any internal security solution you may have in place.




Sunday, January 20, 2019

The Security Implications for 5G and IoT - Fortinet Certifications


The advent of 5G networks is about much more than just incredibly fast speeds and more reliable connections.

This post originally appeared as a bylined article in IoT Agenda.

When combined with today’s powerful edge devices — whether consumer-grade smart devices or the new generation of industrial-grade IoT devices — the impact of 5G on business and networking strategies will be transformational. There are important implications for digital transformation that need to be considered, especially when it comes to securing the new network environments that 5G and edge-based computing will create.

The Impact of 5G


As 5G begins to be widely available, several things will happen:

  • In addition to exponentially faster speeds, 5G will also introduce greater capacity, reduced latency and more flexible service delivery. This will enable organizations to provide better content, more real-time transactions and much richer user experiences across entertainment and commercial activities.
  • Lower latency and highly reliable connections will enable greater edge-based computing without the need for nearby data centers to support latency-sensitive transactions and workflows. Instead, by provisioning computing services closer to end users, 5G servers will acquire enough intelligence to act as application servers — supporting a wide array of edge-based applications, transactions and business processes.
  • Eventually, when 5G speeds and capacity are combined with the unprecedented power of edge devices, we will see the creation of new edge-based networks that can share and process information locally, as well as cloud-based resources.
  • Because these edge-based computing resources will be highly distributed, they will need to be interconnected using enterprise-grade applications and high-speed connections to ensure that the huge volumes of data, workflows and transactions they will create are tracked and analyzed in real time. 5G networking will also offer application developers and content providers cloud computing capabilities and an IT service environment at the edge of mobile networks to create new services. However, these open, hyperconnected edge networks will also have serious implications for how devices, data, applications and workflows can be managed, along with how they connect to traditional and cloud-based networks.
  • 5G will also have an impact far beyond interconnecting endpoint devices. IoT devices will be enlisted to track other devices and users, monitor inventory, gather user and device information, and provide real-time data that can impact everything from agile application development and manufacturing floors to managing and coordinating resources in highly connected environments such as smart cities.


Examples of 5G and IoT


Enhanced communication services within connected cars, for example, will go well beyond the current set of interactions that already occur internally between onboard IoT devices such as braking, environment monitors, GPS and even entertainment systems. Live connections between drivers and businesses will enable financial transactions, such as paying for fuel, ordering food at a drive-thru restaurant or paying tolls, without having to pull out a credit card. Communications between vehicles and between cars and infrastructure-based IoT will enable enhanced traffic management and augment things like autonomous driving at highway speeds.

Likewise, there are significant implications for healthcare and medical IoT. 5G speeds will allow the real-time transmission of data to support things like remote surgery, the tracking of monitors and other connected medical devices, including wearable medical IoT, and the analysis of tests and scans by remote professionals. These advances will not only allow patients to have access to the best physicians in the world, but they will also extend 21st-century medical care to remote locations that currently lack reliable medical resources.

Security Implications for 5G and IoT


These new connected environments will also have serious consequences for security. The biggest challenge will be the sudden, exponential growth of the attack surface due to the rapid expansion of IoT devices and edge-based computing. This will be followed closely by the fact that these devices won’t necessarily be connected to a central network in a traditional hub-and-spoke configuration. With literally billions of IoT devices interconnected across a meshed edge environment, any device can become the weakest link in the security chain and expose the entire enterprise to risk. Addressing this challenge will require some fundamental shifts in how we think about networking and security.

  • Security will need to be edge-to-edge, from the IoT edge, across the core enterprise network and out to branch offices and multiple public clouds. To do this, everything connected to the enterprise ecosystem needs to be identified, criticality rated and their state confirmed. Then, all requests for access to network resources will need to be verified, validated and authenticated.
  • Security must also support elastic, edge-to-edge hybrid systems combining proven traditional strategies with new approaches. While network segmentation is a proven technique for containing cybersecurity risks and protecting sensitive resources, old strategies may not be best suited for a 5G world. New segmentation strategies will need to navigate local and remote resources that mix segments for which organizations may or may not have control. IT teams will need to evaluate how to manage the complexity of multiple co-managed systems as they implement 5G networks and public cloud services.
  • Sharing threat intelligence, correlating event data and supporting automated incident response will require security technologies to be deeply integrated. This will require the development and adoption of a comprehensive, fabric-based security architecture. Machine learning, artificial intelligence and automation will be key to accelerating decision-making, thereby closing the gap between detection and mitigation.
  • Interoperability between different security tools will also require establishing new open 5G security standards, the adoption of APIs across vendors and agnostic management tools that can be centrally managed to see security events and orchestrate security policies.

These are just a handful of the security implications resulting from the adoption and deployment of 5G networks. But that is just the start of the impact of this new era of networking and computing. Security will also need to address the following scenarios:

  • Automated network application lifecycle management will require security tools to not only be high performing, but also highly adaptive to ensure that constant innovation includes consistent protection. It will also require organizations to transition from a DevOps model to a DevSecOps model to ensure that security is integrated directly into the development strategy.
  • Support for cloud-optimized distributed network applications will require security to move seamlessly between and across different network ecosystems without losing track of workflows or dropping security functionality.
  • Digital transformation will generate vast amounts of new data, most of which will be encrypted. Encrypted data currently constitutes more than 70% of network traffic. That percentage will only grow as encryption is used to protect data moving through open network environments. This will require high-performance security tools in IoT and other edge devices that can inspect encrypted traffic at both speed and scale.
  • New strategies, such as network slicing, will enable organizations to more efficiently consume resources moving through massive data environments. This will also require segmentation and edge-based microsegmentation to protect critical resources while isolating them from open and less secure environments.


Where to Start


Many organizations are clearly underestimating the potential impact of the coming 5G revolution and the effect it will have on how they conduct commerce and compete effectively within the next iteration of the digital economy. However, there are a few things that organizations can do now to prepare. The most effective approach would be to migrate from traditional, isolated point defense products to a security fabric designed to be integrated, automated and open using open APIs and common standards. This approach also needs to combine single-pane-of-glass management and control with security technologies that can move seamlessly across traditional, SD-WAN, multi-cloud and highly mobile endpoint and IoT devices for consistent visibility and control.




Tuesday, January 8, 2019

NSE4 - Fortinet Practice Exam Questions - 100% Free Demo - VCE Exams Test


Complete Fortinet NSE4 Certification Training - Get NSE4 Certified

Question 1

What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?

A: Users are required to manually enter their credentials each time they connect to a different web site.
B: Proxy users are authenticated via FSSO.
C: There are multiple users sharing the same IP address.
D: Proxy users are authenticated via RADIUS.

Correct Answer: C

Question 2

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)

A: Manual update by downloading the signatures from the support site.
B: FortiGuard pull updates.
C: Push updates from a FortiAnalyzer.
D: execute fortiguard-AV-AS command from the CLI.

Correct Answer: AB

Question 3

Data leak prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Choose three.)

A: POP3
B: SNMP
C: IPsec
D: SMTP
E: HTTP

Correct Answer: ADE

Question 4

Which statements correctly describe transparent mode operation? (Choose three.)

A: The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
B: Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
C: The transparent FortiGate is clearly visible to network hosts in an IP trace route.
D: Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
E: All interfaces of the transparent mode FortiGate device must be on different IP subnets.

Correct Answer: ABD

Question 5

Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic.
What statements are true regarding the sessions that the master unit is offloading to the slave unit for inspection? (Choose two.)

A: They are offloaded to the NP6 in the master unit.
B: They are not offloaded to the NP6 in the master unit.
C: They are offloaded to the NP6 in the slave unit.
D: They are not offloaded to the NP6 in the slave unit.

Correct Answer: BC






Monday, January 7, 2019

Fortinet Certification Exam Dumps PDF VCE Exams Files - VCE Exams Test


Fortinet Practice Exam Questions Answers Free Demo


Question 1

On a FortiMail unit, access control rules specify actions to be taken against matching email messages. Which of the following statements correctly describes the Bypass action?

A: Accept the email message but skip the MX record lookup. This mail message will be delivered using the configured relay server.
B: Do not deliver the email message.
C: Accept the email message and skip all message scanning, such as antispam and antivirus.
D: Accept the email message and delete it immediately without delivery.

Correct Answer: C

Question 2

Which of the following statements correctly describes the COMBINED action of these two access control rules?

A: Email messages from senders at external1.lab will be rejected.
B: Email messages from external1.lab to internal1.lab from host IP 172.16.78.8 are relayed.
C: Email messages from external1.lab to internal1.lab from any host IP address are relayed.
D: Email messages from external1.lab to internal1.lab are restricted by the return DNS pattern.

Correct Answer: B

Question 3

What is the best explanation for why a FortiMail unit would issue the error message indicated in the exhibit?

A: The recipient domain external1.lab is not defined.
B: This traffic comes from an authenticated sender.
C: Recipient verification is not working properly.
D: The session is matching an Access Control Rule with action "Reject".

Correct Answer: A

Question 4

Which of the following FortiMail profile types apply to IP-based policies only?

A: Session profile
B: Content profile
C: IP pool
D: Antispam profile

Correct Answer: AC

Question 5

According to the Message Header printed below, which antispam technique detected this email as spam:
     Return-Path: user1@external.lab
     (SquirrelMail authenticated user user1)
     by 172.16.78.8 with HTTP;
     X-FEAS-HASH: 6ef419f0a0608b1655xxxxe68080df3cb12fc38f1118d2f085985eeb000274d7
     Sat, 18 Apr 2009 15:53:06 +0200 (CEST)
     Message-ID : <3029.192.168.3.101.1240062786.squirrel@172.16.78.8>
     Date : Sat, 18 Apr 2009 15 :53 :06 +0200 (CEST)
     Subject: [SPAM] Sales
     From: user1@external.lab
     To: user1@training1.lab
     User-Agent: SquirrelMail/1.4.10a-1.fc6
     MIME-Version : 1.0
     Content-Type : text/plain ;charset=iso-8859-1
     Content-Transfer-Encoding: 8bit
     X-Priority: 3 (Normal)
     Importance: Normal
     X-Original-To: user1@training1.lab
     Delivered-To: user1@training.lab
     Received: from fm.sub.training1.lab (fm.sub.training1.lab [192.168.11.101])
     by mail.training.lab (Postfix) with ESMTP id A9160187073
     for <user1@training1.lab>; Sun, 19 Apr 2009 16:58:48 +0200 (CEST)
     Received: from mail.external.lab ([172.16.78.8])
     by fm.sub.training1.lab with ESMTP id n3LEPHWu001093
     for <user1@training1.lab>; Tue, 21 Apr 2009 10:25:17 -0400
     Received: from 172.16.78.8 (localhost [127.0.0.1])
     by mail.external.lab (Postfix) with ESMTP id 247D9BF893
     for <user1@training1.lab>; Sat, 18 Apr 2009 15:53:06 +0200 (CEST)
     Received: from 192.168.3.101

A: DNSBL scan
B: Dictionary scan
C: Banned Word scan
D: FortiGuard checksum

Correct Answer: D

Question 6

Which of the following statements is true regarding Session-based antispam techniques?

A: The entire mail content is inspected.
B: They are enabled in the session profile only.
C: SMTP commands, sender domain and IP address are checked.
D: They are checked after application-based antispam techniques.

Correct Answer: C

Question 7

Which of the following statements regarding the FortiMail unit's Greylisting feature is NOT correct?

A: The FortiMail unit tracks the /32 bit host address of the sender.
B: When an email is received from a new sender IP address, envelope sender and envelope recipient addresses, the FortiMail unit will initially send a temporary failure message.
C: After the initial temporary fail message is sent, the message must be retransmitted between the Greylisting period expiry and initial expiry time periods.
D: Pass-through is allowed until the configured TTL expires.
E: An ACL with action Relay bypasses Greylisting.

Correct Answer: A

Question 8

Which of the following is an advantage of using Banned Word scanning instead of Dictionary scanning?

A: Mail Headers are inspected.
B: It is easier to configure.
C: Regular Expressions can be used.
D: Non-ASCII characters are supported.

Correct Answer: B

Question 9

Which operation is performed by the Forged IP scanning technique?

A: DNS PTR record lookup on the sender's IP address then A record lookup on the canonical hostname
B: DNS A record lookup on the sender's IP address then PTR record lookup
C: DNS MX record lookup on the sender canonical hostname
D: DNS TXT record lookup

Correct Answer: A

Question 10

When using Sender Reputation on a FortiMail unit, which of the following actions can be taken against a source IP address generating spam or invalid email messages?

A: Delay the email messages from that source IP address with a temporary fail.
B: Reject the email messages from that source IP address with a permanent fail.
C: Quarantine all the email messages from that source IP address.
D: Limit the number of email messages allowed from that source IP address.

Correct Answer: ABD
