Which two statements explain antivirus scanning modes?

Prepare for the Fortinet FortiGate 7.4 Administrator exam with detailed insights and expert tips. Master FortiGate configurations and security protocols to ace your certification. Equip yourself with the knowledge to pass confidently.

The correct statement is grounded in how flow-based inspection operates in FortiGate's antivirus scanning. In flow-based inspection mode, the FortiGate unit processes the data stream in real time, transmitting data to the client while simultaneously analyzing it for malware or unwanted content. Buffering occurs to a certain extent to ensure that the entire file is available for scanning, which enables quick and efficient detection without waiting for the entire file to download before initiating the scan.

Understanding this operational principle is critical because it highlights the balance between performance and security that FortiGate aims to achieve with flow-based inspection: data keeps flowing to the client while the device retains the ability to inspect the file, which preserves both user experience and security.

The other statements, by contrast, do not accurately describe the mechanics of either scanning mode. For instance, proxy-based inspection does involve buffering files for thorough scanning, and flow-based inspection does not inherently require an external server for scanning, as it can perform file analysis internally.
