Attacker’s sessions consume all resources—RAM, CPU, port numbers

Slows down or disables the target until it can’t serve legitimate requests

Attacker floods victim with incomplete TCP/IP connection requests
The victim’s connection table becomes full, so legitimate clients can’t connect

Attackers eends ICMP traffic to find targets
Attacker then attacks hosts that reply

Attacker probes a victim by sending TCP/IP connection requests to varying destination ports
Based on replies, attacker can map out which services are running on the victim system
Attacker then targets those destination ports to exploit the system

detects a high volume of that specific protocol, or signal in the protocol.

detects probing attempts to map which of the host’s ports respond and, therefore, might be vulnerable.

look for large volumes of traffic originating from a single IP.

look for large volumes of traffic destined for a single IP.

Which of the following type of attack is a characteristic of a DoS attack?

Which DOS anomaly sensor can be used to detect and block a port scanner’s probing attempts?

The variety of attacks based on _______ is limitless, but they commonly include transmitting private data like authentication cookies or other session information to the attacker.

WAF protocol constraints protect against what type of attacks?

To use the WAF feature, which inspection mode should be used?

Which chipset uses NTurbo to accelerate IPS sessions?

Which of the following features requires full SSL inspection to maximize it’s detection capability?

If there are high-CPU use problems caused by the IPS, you can use the ____________ command with option 5 to isolate where the problem might be.

Which FQDN does FortiGate use to obtain IPS updates?

When IPS fail open is triggered, what is the expected behavior if the IPS fail open option is set to enabled?