IPS II

Description

NSE4 6.0 NSE4 6.0 Quiz on IPS II, created by Marcos Avila on 12/09/2018.
Marcos Avila
Quiz by Marcos Avila, updated more than 1 year ago
Marcos Avila
Created by Marcos Avila about 6 years ago
261
1

Resource summary

Question 1

Question
Attacker’s sessions consume all resources—RAM, CPU, port numbers Slows down or disables the target until it can’t serve legitimate requests
Answer
  • DoS Attacks
  • Anomaly
  • Exploit

Question 2

Question
Types of DoS attacks (Select 3)
Answer
  • TCP SYN flood
  • ICMP sweep
  • TCP port scan
  • TCP sweep
  • ICMP SYN flood

Question 3

Question
Attacker floods victim with incomplete TCP/IP connection requests The victim’s connection table becomes full, so legitimate clients can’t connect
Answer
  • TCP SYN flodd
  • ICMP sweep
  • TCP port scan

Question 4

Question
Attackers eends ICMP traffic to find targets Attacker then attacks hosts that reply
Answer
  • TCP SYN flood
  • ICMP Sweep
  • TCP port scan

Question 5

Question
Attacker probes a victim by sending TCP/IP connection requests to varying destination ports Based on replies, attacker can map out which services are running on the victim system Attacker then targets those destination ports to exploit the system
Answer
  • TCP SYN flood
  • ICMP sweep
  • TCP port scan

Question 6

Question
You can apply DoS protection to four protocols:
Answer
  • TCP
  • UDP
  • ICMP
  • SCTP
  • DST
  • SRC
  • SMTP

Question 7

Question
detects a high volume of that specific protocol, or signal in the protocol.
Answer
  • Flood sensor
  • Sweep/Scan
  • Source Signatures
  • Destination signatures

Question 8

Question
detects probing attempts to map which of the host’s ports respond and, therefore, might be vulnerable.
Answer
  • Flood sensor
  • Sweep/Scan
  • Source Signatures
  • Destination signatures

Question 9

Question
look for large volumes of traffic originating from a single IP.
Answer
  • Flood sensor
  • Sweep/Scan
  • Source Signatures
  • Destination signatures

Question 10

Question
look for large volumes of traffic destined for a single IP.
Answer
  • Flood sensor
  • Sweep/Scan
  • Source Signatures
  • Destination signatures

Question 11

Question
Which of the following type of attack is a characteristic of a DoS attack?
Answer
  • A. Attempts to exploit a known application vulnerability
  • B. Attempts to overload a server with TCP SYN packets

Question 12

Question
Which DOS anomaly sensor can be used to detect and block a port scanner’s probing attempts?
Answer
  • A. tcp_syn_flood
  • B. tcp_port_scan

Question 13

Question
Web Application Firewall (WAF) is only available in proxy inspection mode
Answer
  • True
  • False

Question 14

Question
?
Answer
  • Example of a Web Attack-Cross-Site Scripting
  • Example of a Web Attack—SQL Injection

Question 15

Question
The variety of attacks based on _______ is limitless, but they commonly include transmitting private data like authentication cookies or other session information to the attacker.
Answer
  • cross-site scripting (XSS)
  • SQL injection

Question 16

Question
?
Answer
  • Example of a Web Attack—SQL Injection
  • Example of a Web Attack XSS

Question 17

Question
WAF protocol constraints protect against what type of attacks?
Answer
  • A. Buffer overflow
  • B. ICMP Sweep

Question 18

Question
To use the WAF feature, which inspection mode should be used?
Answer
  • A. Flow
  • B. Proxy

Question 19

Question
Which chipset uses NTurbo to accelerate IPS sessions?
Answer
  • A. CP9
  • B. SoC3

Question 20

Question
Which of the following features requires full SSL inspection to maximize it’s detection capability?
Answer
  • A. WAF
  • B. DoS

Question 21

Question
If there are high-CPU use problems caused by the IPS, you can use the ____________ command with option 5 to isolate where the problem might be.
Answer
  • diagnose test application ipsmonitor
  • diagnose test ipsmonitor
  • diagnose application ipsmonitor

Question 22

Question
Which FQDN does FortiGate use to obtain IPS updates?
Answer
  • update.fortiguard.net
  • service.fortiguard.com

Question 23

Question
When IPS fail open is triggered, what is the expected behavior if the IPS fail open option is set to enabled?
Answer
  • New packets will pass through
  • New packets will be dropped
Show full summary Hide full summary

Similar

'The Merchant of Venice' - William Shakespeare
cian.buckley
Mathematics Overview
PatrickNoonan
Spanish Questions
Niat Habtemariam
General Knowledge Quiz
Andrea Leyden
Women in Nazi Germany - Flashcards
Louisa Wania
Geography Coasts Questions
becky_e
A level Computing Quiz
Zacchaeus Snape
GCSE Biology B1 (OCR)
Usman Rauf
Computer Systems
lisawinkler10
Bay of Pigs Invasion : April 1961
Alina A
“The knower’s perspective is essential in the pursuit of knowledge.” To what extent do you agree with this statement?
Lucia Rocha Mejia