IPS II

Attacker’s sessions consume all resources—RAM, CPU, port numbers Slows down or disables the target until it can’t serve legitimate requests

Types of DoS attacks (Select 3)

Attacker floods victim with incomplete TCP/IP connection requests The victim’s connection table becomes full, so legitimate clients can’t connect

Attackers eends ICMP traffic to find targets Attacker then attacks hosts that reply

Attacker probes a victim by sending TCP/IP connection requests to varying destination ports Based on replies, attacker can map out which services are running on the victim system Attacker then targets those destination ports to exploit the system

You can apply DoS protection to four protocols:

detects a high volume of that specific protocol, or signal in the protocol.

detects probing attempts to map which of the host’s ports respond and, therefore, might be vulnerable.

look for large volumes of traffic originating from a single IP.

look for large volumes of traffic destined for a single IP.

Which of the following type of attack is a characteristic of a DoS attack?

Which DOS anomaly sensor can be used to detect and block a port scanner’s probing attempts?

Web Application Firewall (WAF) is only available in proxy inspection mode

?

The variety of attacks based on _______ is limitless, but they commonly include transmitting private data like authentication cookies or other session information to the attacker.

?

WAF protocol constraints protect against what type of attacks?

To use the WAF feature, which inspection mode should be used?

Which chipset uses NTurbo to accelerate IPS sessions?

Which of the following features requires full SSL inspection to maximize it’s detection capability?

If there are high-CPU use problems caused by the IPS, you can use the ____________ command with option 5 to isolate where the problem might be.

Which FQDN does FortiGate use to obtain IPS updates?

When IPS fail open is triggered, what is the expected behavior if the IPS fail open option is set to enabled?