Chapter 9. Network Discovery Policy Flashcards

1
Q

1. Which of the following statements about application detectors is true?

A. Internal detectors are always on; they are built in the software.

B. The management center leverages OpenAppID to create custom detectors.

C. Secure Firewall software comes with a set of application detectors, by default.

D. All of these answers are correct.

A

D. All of these answers are correct. Internal detectors are always on; they are built in the software. Secure Firewall software comes with a set of application detectors, by default. The management center leverages OpenAppID to create custom detectors.

2
Q

2. Which of the following databases contains the fingerprint information?

A. Snort rule database

B. URL filtering database

C. Vulnerability Database

D. Discovery event database

A

C. The Vulnerability Database contains fingerprints.

3
Q

3. What does a network discovery policy allow Secure Firewall to discover?

A. Hosts

B. Users

C. Applications

D. All of these answers are correct.

A

D. All of these answers are correct. A network discovery policy allows Secure Firewall to discover hosts, users, and applications.

4
Q

4. For accurate discovery of the latest applications, which of the following should you consider?

A. Ensure that the network discovery policy is set to monitor the load-balancer devices.

B. Use the network addresses instead of network objects.

C. Generate Rule Recommendations in an intrusion policy.

D. Keep the Vulnerability Database (VDB) version up to date.

A

D. For precise detection of the latest applications, you must keep the Vulnerability Database (VDB) version up to date.

5
Q

5. Which of the following is considered a best practice when deploying a network discovery policy?

A. Deploy the threat defense as close as possible to the gateway.

B. Add the addresses 0.0.0.0/0 and ::/0 in the rule for an accurate host profile.

C. Exclude the IP addresses of any NAT and load-balancing devices from the list of monitored networks.

D. For precise detection of the latest application, create a rule to discover private IP addresses.

A

C. One of the best practices for a network discovery policy configuration is to exclude the IP addresses of any NAT and load-balancing devices from the list of monitored networks.

6
Q

6. Which of the following statements is not true?

A. To discover applications, hosts, or users from certain subnets, you can trust the traffic from that subnet to expedite the discovery process.

B. Secure Firewall uses the Adaptive Profiles option to perform application control.

C. The Adaptive Profiles option should be always enabled to ensure superior detection.

D. Trusted connections are not subject to deep inspection or discovery.

A

A. If you want to discover certain subnets or ports, do not use an access control rule or a prefilter rule to trust connections from those subnets or ports, because trusted connections are not subject to deep inspection or discovery; as a result, the discovery data collected for them lacks detail.

7
Q

7. Which of the following statements is false?

A. If you forgot to create an object using the Object Management page, you can still create one on the fly directly from the Add Rule window.

B. Creating objects for the network resources and reusing them in the discovery rules is optional; however, it helps with rule management in the long term.

C. You can create objects only for three elements: network addresses, port numbers, and interfaces.

D. You can group multiple objects into a single configuration.

A

C. This statement is false because Secure Firewall allows you to create objects for network addresses, port numbers, interfaces, VLAN tags, URLs, time ranges, and for many more variable components.

8
Q

8. What is the reason that some operating systems appear as pending?

A. The network discovery policy deployment is not complete.

B. The threat defense is currently waiting on further packets to conclude analysis.

C. The management center has reached its license limit.

D. The operating system is currently being updated by the host.

A

B. If some operating systems appear as pending, the reason is that the threat defense is currently analyzing the collected data or waiting on further information to reach a conclusion.
