NSE4 6.0 Quiz on IPS, created by Marcos Avila on 12/09/2018.

IPS

Question 1 of 13

A known, confirmed attack
Detected when a file or traffic matches a signature pattern:
1- IPS signatures
2- WAF signatures
3- Antivirus signatures
Example: Exploit of known application vulnerabilities

Select one of the following:

  • Exploit

  • Anomaly

Question 2 of 13

Can be zero-day or denial of service attacks (DoS)
Detected by behavioral analysis:
1- Rate-based IPS signatures
2- DoS policies
3- Protocol constraints inspection
Example: Abnormally high rate of traffic (DoS/flood)

Select one of the following:

  • Exploit

  • Anomaly

Question 3 of 13

Flow-based detection and blocking:

Select one of the following:

  • Known exploits that match signatures
    Network errors and protocol anomalies

  • Known exploits and protocol anomalies
    Network errors that match signatures

Question 4 of 13

IPS Components: IPS signature databases, Protocol decoders, IPS engine (Select 3)

Select one or more of the following:

  • IPS signature databases

  • Protocol decoders

  • IPS engine

  • IPS Protocol decoders

  • IPS engine databases

Question 5 of 13

IPS engine (Select 5)

Select one or more of the following:

  • Application control

  • Anti-virus (flow based)

  • Web filter (flow based)

  • Email filter (flow based)

  • Data Leak Prevention (DLP) (flow based in one-arm sniffer mode)

  • Anti-virus (flow based in one-arm sniffer mode)

  • IPS (flow based)

  • Anti-spam (flow based)

Question 6 of 13

Decoders parse protocols.
IPS signatures find parts of a protocol that don’t conform.
For example, too many HTTP headers, or a buffer overflow attempt.
Unlike proxy-based scans, IPS often does not require IANA standard ports.
Automatically selects decoder for protocol at each OSI layer

Select one of the following:

  • What Are Protocol Decoders?

  • What Are Protocol?

  • What Are Decoders?

Question 7 of 13

IPS packages are updated by FortiGuard. (Select 3)

Select one or more of the following:

  • IPS signature databases

  • Protocol decoders

  • IPS engine

  • IPS Protocol

  • IPS databases

  • IPS signature

Question 8 of 13

Choosing the Signature Database
- : Common attacks with fast, certain identification (default action is block)

- : Performance-intensive

Drag and drop to complete the text.

    Regular
    Extended

Question 9 of 13

In fact, because of its size, the extended database is only available for FortiGate models with a smaller disk or RAM. But, for high-security networks, you might be required to enable the extended signatures database.

Select one of the following:

  • True
  • False

Question 10 of 13

Configuring IPS sensors

Select one or more of the following:

  • Two ways:
    Add signatures
    Add filters

  • Three ways:
    Add signatures
    Add filters
    Add IPS profile in the policy

Question 11 of 13

IPS Actions (Select 6)

Select one or more of the following:

  • Pass

  • Monitor

  • Warning

  • Block

  • Reset

  • Default

  • Packet Logging

  • Quarantine

Question 12 of 13

Which of the following is evaluated first in an IPS sensor?

Select one of the following:

  • A. IPS filter

  • B. IPS signature

Question 13 of 13

Which IPS component is updated most frequently?

Select one of the following:

  • A. Protocol decoders

  • B. IPS signature database
