Pregunta 1
Pregunta
Attacker’s sessions consume all resources—RAM, CPU, port numbers
Slows down or disables the target until it can’t serve legitimate requests
Respuesta
-
DoS Attacks
-
Anomaly
-
Exploit
Pregunta 2
Pregunta
Types of DoS attacks (Select 3)
Respuesta
-
TCP SYN flood
-
ICMP sweep
-
TCP port scan
-
TCP sweep
-
ICMP SYN flood
Pregunta 3
Pregunta
Attacker floods victim with incomplete TCP/IP connection requests
The victim’s connection table becomes full, so legitimate clients can’t connect
Respuesta
-
TCP SYN flodd
-
ICMP sweep
-
TCP port scan
Pregunta 4
Pregunta
Attackers eends ICMP traffic to find targets
Attacker then attacks hosts that reply
Respuesta
-
TCP SYN flood
-
ICMP Sweep
-
TCP port scan
Pregunta 5
Pregunta
Attacker probes a victim by sending TCP/IP connection requests to varying destination ports
Based on replies, attacker can map out which services are running on the victim system
Attacker then targets those destination ports to exploit the system
Respuesta
-
TCP SYN flood
-
ICMP sweep
-
TCP port scan
Pregunta 6
Pregunta
You can apply DoS protection to four protocols:
Respuesta
-
TCP
-
UDP
-
ICMP
-
SCTP
-
DST
-
SRC
-
SMTP
Pregunta 7
Pregunta
detects a high volume of that specific protocol, or signal in the protocol.
Respuesta
-
Flood sensor
-
Sweep/Scan
-
Source Signatures
-
Destination signatures
Pregunta 8
Pregunta
detects probing attempts to map which of the host’s ports respond and, therefore, might be vulnerable.
Respuesta
-
Flood sensor
-
Sweep/Scan
-
Source Signatures
-
Destination signatures
Pregunta 9
Pregunta
look for large volumes of traffic originating from a single IP.
Respuesta
-
Flood sensor
-
Sweep/Scan
-
Source Signatures
-
Destination signatures
Pregunta 10
Pregunta
look for large volumes of traffic destined for a single IP.
Respuesta
-
Flood sensor
-
Sweep/Scan
-
Source Signatures
-
Destination signatures
Pregunta 11
Pregunta
Which of the following type of attack is a characteristic of a DoS attack?
Pregunta 12
Pregunta
Which DOS anomaly sensor can be used to detect and block a port scanner’s probing attempts?
Respuesta
-
A. tcp_syn_flood
-
B. tcp_port_scan
Pregunta 13
Pregunta
Web Application Firewall (WAF) is only available in proxy inspection mode
Pregunta 14
Pregunta 15
Pregunta
The variety of attacks based on _______ is limitless, but they commonly include transmitting private data like authentication cookies or other session information to the attacker.
Pregunta 16
Pregunta 17
Pregunta
WAF protocol constraints protect against what type of attacks?
Respuesta
-
A. Buffer overflow
-
B. ICMP Sweep
Pregunta 18
Pregunta
To use the WAF feature, which inspection mode should be used?
Pregunta 19
Pregunta
Which chipset uses NTurbo to accelerate IPS sessions?
Pregunta 20
Pregunta
Which of the following features requires full SSL inspection to maximize it’s detection capability?
Pregunta 21
Pregunta
If there are high-CPU use problems caused by the IPS, you can use the ____________ command with option 5 to isolate where the problem might be.
Pregunta 22
Pregunta
Which FQDN does FortiGate use to obtain IPS updates?
Respuesta
-
update.fortiguard.net
-
service.fortiguard.com
Pregunta 23
Pregunta
When IPS fail open is triggered, what is the expected behavior if the IPS fail open option is set to enabled?