Security Services Flashcards
Clientless VPN solution that provides a central location for your users to connect to cloud-hosted applications and internal resources.
Access Portal
Monitors and controls the use of applications on your network.
Application Control
Uses signatures that can identify and deny over 1000 applications.
Application Control
Cloud-based service that uses emulation analysis to identify the characteristics and behavior of zero-day malware
APT Blocker
Denies known botnet site IP addresses
Botnet Detection
Prevents the unauthorized transmission of confidential information outside your network.
Data Loss Prevention (DLP)
Detects and denies DNS requests to known malicious domains
DNSWatch
Scans files to detect viruses in email messages and web or FTP traffic
Gateway AntiVirus
Denies connections to or from the countries you specify.
Geolocation
Uses artificial intelligence and machine learning to identify and deny known and unknown malware
IntelligentAV
Uses signatures to provide protection against known software vulnerabilities
Intrusion Prevention Service (IPS)
Identifies and denies unwanted and dangerous spam email messages
spamBlocker
Blocks known Tor exit node IP addresses.
Tor Exit Node Blocking
Controls access to websites based on content categories.
WebBlocker
Which services scan files?
- APT Blocker
- Data Loss Prevention
- Gateway AntiVirus
- IntelligentAV
What do you do if you do not want APT Blocker, Data Loss Prevention, Gateway AntiVirus, or IntelligentAV to scan a specific file?
Add the MD5 hash of the file to the File Exceptions list
Which services are on the Basic Security Suite? (8)
- Application Control
- Botnet Detection
- Gateway AntiVirus
- Geolocation
- Intrusion Prevention Service
- spamBlocker
- Tor Exit Node Blocking
- WebBlocker
Which services are only on the Total Security Suite? (6)
- Access Portal
- APT Blocker
- Data Loss Prevention
- DNSWatch
- EDR Core
- IntelligentAV
Which security service does not use signatures to identify viruses?
IntelligentAV
Is it possible to manually get the latest signatures or updates for the security services in Firebox System Manager?
Yes
From which two places can you get the latest signatures or updates?
- Fireware Web UI
- Firebox System Manager
What database does Tor Exit Node Blocking use for known Tor exit node IP addresses?
Reputation Enabled Defense (RED)
Which security services can be enabled in any packet filter policy or proxy policy? (4)
1 Application Control
2 Geolocation
3 Intrusion Prevention Service
4 Tor Exit Node Blocking
Which security service is intended to prevent basic networking attacks?
Default Threat Protection
Which security service is intended to prevent flooding?
Default Threat Protection
Which security service is intended to prevent denial of service?
Default Threat Protection
Which traffic does Default Threat Protection apply to?
Internal and external traffic
Which security service is used to mitigate some server or network misconfigurations?
Default Threat Protection
Is Default Threat Protection available without any specific licensing?
Yes
Does Default Threat Protection expire?
No
Does Default Threat Protection rely on subscription services to block attacks?
No
Does the Firebox process all components of Default Threat Protection before policies and services?
Yes
Name the 3 components that Default Threat Protection uses:
- Default Packet Handling
- Blocked Sites
- Blocked Ports
Are there any policy-related settings that can override Default Threat Protection?
No
Can Default Threat Protection affect built-in Firebox functions (e.g. VPNs)?
Yes
In Default Threat Protection, which component is designed to prevent DoS/DDoS, flooding, IP scans, and port scans?
Default Packet Handling
In Default Threat Protection, name 4 attacks that can be prevented by Default Packet Handling
1 DoS/DDoS
2 Flooding
3 IP scans
4 Port Scans
In Default Threat Protection, which component is designed to manually or automatically block traffic for IPs, subnets, and domains?
Blocked Sites
What kind of traffic is blocked when the Blocked Sites component is used?
Inbound and outbound
What kind of scans trigger the automatic addition of a device’s IP address to the Blocked Sites list?
IP scans or Port scans
Can internal devices that perform IP scans or port scans be added to the Blocked Sites list as well?
Yes
Which blocked addresses are not displayed in the Blocked Sites list?
- Addresses blocked through API calls
- Addresses blocked by ThreatSync
Which takes precedence: blocked sites added through API calls or ThreatSync, or Default Threat Protection’s Blocked Sites?
Default Threat Protection’s Blocked Sites
In Default Threat Protection, which component is designed to add any ports to be blocked for inbound traffic?
Blocked ports
Does the Default Threat Protection Blocked Ports list also block outbound traffic?
No
Can any policy changes override the Default Threat Protection’s blocked ports list?
No
When Default Threat Protection blocks traffic, where is it logged?
Event logs, not only Traffic logs
Which security service is the first line of defense?
Default Threat Protection
Does Default Threat Protection take precedence over configured policy rules and other services?
Yes
By default, does the Blocked Ports list include several ports related to known threats?
Yes
Does the Firebox block inbound traffic coming from external sources that use the blocked ports?
Yes
In Default Threat Protection, are there any sites that are blocked by default?
No, add them manually
For temporarily blocked sites, can users on your network still connect to the site, while the site cannot initiate a connection to them?
Yes
By default, how long can auto-blocked sites remain on the blocked sites list?
20 minutes
Which Default Packet Handling checks still apply to sites on the Blocked Sites Exceptions list, even though the Firebox bypasses the other checks for them?
- IP Spoofing attacks
- IP Source Route attacks
In Default Threat Protection, which component is designed to automatically drop or block traffic that matches the pattern of well-known network attacks?
Default Packet Handling
What is the process called when your Firebox examines the IP address and port number of packet sources and destinations to identify risky patterns?
Default Packet Handling
In Default Threat Protection, which component rejects a packet that could be a security risk, including packets that could be a part of a spoofing attack or SYN flood attack?
Default Packet Handling
In Default Threat Protection, which component automatically blocks all traffic to and from an IP address?
Default Packet Handling
In Default Threat Protection, which component throttles a DDoS attack?
Default Packet Handling
In Default Threat Protection, which component adds an event to the log file?
Default Packet Handling
In Default Threat Protection, which component sends an SNMP trap to the SNMP management server?
Default Packet Handling
In Default Threat Protection, which component sends a notification of possible security risks?
Default Packet Handling
In Default Threat Protection, which component blocks or drops traffic for dangerous activities by default?
Default Packet Handling
Define a drop action
Drops the connection
Define a block action
Drops the connection and adds the site to the auto-blocked sites list
What is the term for a packet that does not match any configured firewall policy?
Unhandled packet
What is the default behavior of Firebox with unhandled packets?
- Denies all unhandled packets
- Generates a log message
- Does not auto block the source of unhandled packets
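The cards above describe an order of operations: Blocked Sites, Blocked Ports and Default Packet Handling run before any policy, the block action auto-blocks a source for 20 minutes, exception sites skip every check except spoofing and source routing, and an unhandled packet is denied and logged without auto-blocking. The following is an added example that models that order in Python; it is not WatchGuard's code, and the scan thresholds, the detection window, the drop action chosen for spoofed packets, the internal address range and all of the sample traffic are assumptions made for the illustration.

```python
"""Toy model of the Default Threat Protection order described in the cards above.

Added example, not WatchGuard code. It applies Blocked Sites, Blocked Ports and
Default Packet Handling before any policy lookup. Scan thresholds, the window,
the drop action for spoofed packets, the internal range and all traffic are assumptions.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

AUTO_BLOCK_SECONDS = 20 * 60   # default auto-block lifetime stated on the page
SCAN_WINDOW_SECONDS = 60       # assumed detection window
SCAN_THRESHOLD = 5             # assumed: distinct ports (or hosts) per source per window


def in_nets(ip, nets):
    return any(ip_address(ip) in n for n in nets)


class DefaultThreatProtection:
    def __init__(self, blocked_sites=(), blocked_ports=(), exceptions=(),
                 internal_nets=("10.0.0.0/8",)):
        self.blocked_sites = [ip_network(s) for s in blocked_sites]  # permanent, manual
        self.blocked_ports = set(blocked_ports)                       # inbound only
        self.exceptions = [ip_network(s) for s in exceptions]
        self.internal = [ip_network(n) for n in internal_nets]
        self.auto_blocked = {}          # src ip -> expiry time (temporary entries)
        self.seen = defaultdict(list)   # src ip -> [(time, dst ip, dst port)]
        self.events = []                # event log, separate from traffic logs

    def _block(self, ip, now, reason):
        """Block action: drop the packet and auto-block its source."""
        self.auto_blocked[ip] = now + AUTO_BLOCK_SECONDS
        self.events.append(f"block {ip}: {reason}")
        return "block"

    def handle(self, pkt, now, policies):
        """Return 'allow', 'drop' or 'block' for one packet (a dict)."""
        src, dst, dport, inbound = pkt["src"], pkt["dst"], pkt["dport"], pkt["inbound"]
        for ip, expiry in list(self.auto_blocked.items()):   # expire temporary entries
            if expiry <= now:
                del self.auto_blocked[ip]
        # 1. Blocked Sites: permanent entries block both directions; an auto-blocked
        #    site can still be reached but cannot initiate. Exceptions are never blocked.
        for ip in (src, dst):
            if in_nets(ip, self.blocked_sites) and not in_nets(ip, self.exceptions):
                self.events.append(f"drop {src}->{dst}:{dport}: blocked site {ip}")
                return "drop"
        if src in self.auto_blocked and not in_nets(src, self.exceptions):
            self.events.append(f"drop {src}->{dst}:{dport}: auto-blocked source")
            return "drop"
        # 2. Blocked Ports: inbound traffic only; outbound use is unaffected.
        if inbound and dport in self.blocked_ports:
            self.events.append(f"drop {src}->{dst}:{dport}: blocked port")
            return "drop"
        # 3. Default Packet Handling: the spoofing check still runs for exception
        #    sites; scan detection is bypassed for them.
        if inbound and in_nets(src, self.internal):
            self.events.append(f"drop {src}->{dst}:{dport}: IP spoofing")
            return "drop"
        if not in_nets(src, self.exceptions):
            hist = [h for h in self.seen[src] if now - h[0] < SCAN_WINDOW_SECONDS]
            hist.append((now, dst, dport))
            self.seen[src] = hist
            if len({p for _, _, p in hist}) >= SCAN_THRESHOLD:
                return self._block(src, now, "port scan")
            if len({d for _, d, _ in hist}) >= SCAN_THRESHOLD:
                return self._block(src, now, "IP scan")
        # 4. Only now are policies consulted. An unhandled packet is denied and
        #    logged, but its source is not auto-blocked.
        if any(policy(pkt) for policy in policies):
            return "allow"
        self.events.append(f"deny unhandled {src}->{dst}:{dport}")
        return "drop"


def run_demo():
    """Constructed sample traffic (not a capture); returns named verdicts and events."""
    dtp = DefaultThreatProtection(blocked_sites=["203.0.113.0/24"], blocked_ports=[135],
                                  exceptions=["198.51.100.5/32"])
    policies = [lambda p: p["inbound"] and p["dst"] == "10.0.0.80" and p["dport"] == 443,
                lambda p: not p["inbound"]]   # inbound only to the web server; outbound open

    def pk(src, dst, dport, inbound):
        return {"src": src, "dst": dst, "dport": dport, "inbound": inbound}

    v = {}
    v["site_in"] = dtp.handle(pk("203.0.113.7", "10.0.0.80", 443, True), 0, policies)
    v["site_out"] = dtp.handle(pk("10.0.0.5", "203.0.113.7", 80, False), 0, policies)
    v["port_in"] = dtp.handle(pk("192.0.2.9", "10.0.0.80", 135, True), 0, policies)
    v["port_out"] = dtp.handle(pk("10.0.0.5", "192.0.2.9", 135, False), 0, policies)
    v["spoof"] = dtp.handle(pk("10.0.0.99", "10.0.0.80", 443, True), 0, policies)
    v["scan"] = [dtp.handle(pk("192.0.2.9", "10.0.0.80", p, True), 10 + p, policies) for p in range(1, 6)]
    v["scanner_after"] = dtp.handle(pk("192.0.2.9", "10.0.0.80", 443, True), 100, policies)
    v["auto_blocked_at_100"] = sorted(dtp.auto_blocked)
    v["to_scanner"] = dtp.handle(pk("10.0.0.5", "192.0.2.9", 80, False), 100, policies)
    v["scanner_expired"] = dtp.handle(pk("192.0.2.9", "10.0.0.80", 443, True), 1300, policies)
    v["exception_scan"] = [dtp.handle(pk("198.51.100.5", "10.0.0.80", p, True), 20 + p, policies) for p in range(1, 6)]
    return v, dtp.events
```

Running run_demo() shows the precedence the cards describe: the spoofed packet and the scanner's later HTTPS request are dropped even though a policy would allow them, the outbound connection to the auto-blocked scanner still succeeds, the entry disappears after 20 minutes, and the exception host is never auto-blocked even while probing five ports.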
Where is Application Control enabled?
Any packet filter or proxy policy
Where is Intrusion Prevention Service enabled?
Any packet filter or proxy policy
What do IPS and Application Control require to fully function on encrypted traffic?
Content inspection (in a proxy policy, so the service can see inside HTTPS)
Where can you enable Application Control?
On any type of policy
Is Application Control limited to protocol-specific policies?
No
What kind of connections does the Application Control work on?
Both inbound and outbound connections
What can you do to the applications using Application Control?
Monitor or restrict