Question 1
Question
A known, confirmed attack
Detected when a file or traffic matches a signature pattern:
1- IPS signatures
2- WAF signatures
3- Antivirus signatures
Example: Exploit of known application vulnerabilities
Question 2
Question
Can be zero-day or denial of service attacks (DoS)
Detected by behavioral analysis:
1- Rate-based IPS signatures
2- DoS policies
3- Protocol constraints inspection
Example: Abnormally high rate of traffic (DoS/flood)
Question 3
Question
Flow-based detection and blocking:
Question 4
Question
IPS Components: IPS signature databases, Protocol decoders, IPS engine (Select 3)
Answer
- IPS signature databases
- Protocol decoders
- IPS engine
- IPS Protocol decoders
- IPS engine databases
Question 5
Question
IPS engine (Select 5)
Answer
- Application control
- Anti-virus (flow based)
- Web filter (flow based)
- Email filter (flow based)
- Data Leak Prevention (DLP) (flow based in one-arm sniffer mode)
- Anti-virus (flow based in one-arm sniffer mode)
- IPS (flow based)
- Anti-spam (flow based)
Question 6
Question
Decoders parse protocols.
IPS signatures find parts of a protocol that don’t conform.
For example, too many HTTP headers, or a buffer overflow attempt
Unlike proxy-based scans, IPS often does not require IANA standard ports.
Automatically selects decoder for protocol at each OSI layer
Question 7
Question
IPS packages are updated by FortiGuard. (Select 3)
Answer
- IPS signature databases
- Protocol decoders
- IPS engine
- IPS Protocol
- IPS databases
- IPS signature
Question 8
Question
Choosing the Signature Database
- [blank_start]Regular[blank_end] : Common attacks with fast, certain identification (default action is block)
- [blank_start]Extended[blank_end] : Performance-intensive
Question 9
Question
In fact, because of its size, the extended database is only available for FortiGate models with a smaller disk or RAM. But, for high-security networks, you might be required to enable the extended signatures database.
Question 10
Question
Configuring IPS sensors
Question 11
Question
IPS Actions (Select 6)
Answer
- Pass
- Monitor
- Warning
- Block
- Reset
- Default
- Packet Logging
- Quarantine
Question 12
Question
Which of the following are evaluated first in an IPS sensor?
Answer
- A. IPS filter
- B. IPS signature
Question 13
Question
Which IPS component is updated most frequently?