Security Services Flashcards

1
Q

Clientless VPN solution that provides a central location for your users to connect to cloud-hosted applications
and internal resources.

A

Access Portal

2
Q

Monitors and controls the use of applications on your network.

A

Application Control

3
Q

Uses signatures that can identify and deny over 1000 applications.

A

Application Control

4
Q

Cloud-based service that uses emulation analysis to identify the characteristics and behavior of zero-day
malware

A

APT Blocker

5
Q

Denies known botnet site IP addresses

A

Botnet Detection

6
Q

Prevents the unauthorized transmission of confidential information outside your network.

A

Data Loss Prevention (DLP)

7
Q

Detects and denies DNS requests to known malicious domains

A

DNSWatch

8
Q

Scans files to detect viruses in email messages and web or FTP traffic

A

Gateway AntiVirus

9
Q

Denies connections to or from the countries you specify.

A

Geolocation

10
Q

Uses artificial intelligence and machine learning to identify and deny known and unknown malware

A

IntelligentAV

11
Q

Uses signatures to provide protection against known software vulnerabilities

A

Intrusion Prevention Service (IPS)

12
Q

Identifies and denies unwanted and dangerous spam email messages

A

spamBlocker

13
Q

Blocks known Tor exit node IP addresses.

A

Tor Exit Node Blocking

14
Q

Controls access to websites based on content categories.

A

WebBlocker

15
Q

Which services scan files?

A
  1. APT Blocker
  2. Data Loss Prevention
  3. Gateway AntiVirus
  4. IntelligentAV
16
Q

What do you do if you don’t want to scan a specific file with APT Blocker, Data Loss Prevention, Gateway AntiVirus, and IntelligentAV?

A

Add the MD5 hash of the file to the File Exceptions list

17
Q

Which services are in the Basic Security Suite? (5)

A
  1. Application Control
  2. Botnet Detection
  3. Gateway AntiVirus
  4. Geolocation
  5. Intrusion Prevention Service
  6. spamBlocker
  7. Tor Exit Node Blocking
  8. WebBlocker
18
Q

Which services are only in the Total Security Suite?

A
  1. Access Portal
  2. APT Blocker
  3. Data Loss Prevention
  4. DNSWatch
  5. EDR Core
  6. IntelligentAV
19
Q

Which security service does not use signatures to identify viruses?

A

IntelligentAV

20
Q

Is it possible to manually get the latest signatures or updates for the security services in Firebox System Manager?

A

Yes

21
Q

Where (2) can you get the latest signatures or updates?

A
  1. Fireware Web UI
  2. Firebox System Manager
22
Q

What database does Tor Exit Node Blocking use for known Tor exit node IP addresses?

A

Reputation Enabled Defense (RED)

23
Q

Which security services can be enabled in any packet filter policy or proxy policy? (4)

A

  1. Application Control
  2. Geolocation
  3. Intrusion Prevention Service
  4. Tor Exit Node Blocking

24
Q

Which security service is intended to prevent basic networking attacks?

A

Default Threat Protection

25
Q

Which security service is intended to prevent flooding?

A

Default Threat Protection

26
Q

Which security service is intended to prevent denial of service?

A

Default Threat Protection

27
Q

Which traffic does Default Threat Protection apply to?

A

Internal and external traffic

28
Q

Which security service is used to mitigate some server or network misconfigurations?

A

Default Threat Protection

29
Q

Is Default Threat Protection available without any specific licensing?

A

Yes

30
Q

Does Default Threat Protection expire?

A

No

31
Q

Does Default Threat Protection rely on subscription services to block attacks?

A

No

32
Q

Does the Firebox process all components of Default Threat Protection before policies and services?

A

Yes

33
Q

Name 3 components that Default Threat Protection uses:

A
  1. Default Packet Handling
  2. Blocked Sites
  3. Blocked Ports
34
Q

Are there any policy-related settings that can override Default Threat Protection?

A

No

35
Q

Can Default Threat Protection impact built-in Firebox functions (i.e. VPNs)?

A

Yes

36
Q

In Default Threat Protection, which component is designed to prevent these attacks: DoS/DDoS Flooding, IP scans, Port Scans?

A

Default Packet Handling

37
Q

In Default Threat Protection, name 4 attacks that can be prevented by Default Packet Handling.

A

  1. DoS/DDoS
  2. Flooding
  3. IP scans
  4. Port Scans

38
Q

In Default Threat Protection, which component is designed to manually or automatically block traffic for IPs, subnets, and domains?

A

Blocked Sites

39
Q

What kind of traffic is blocked when the Blocked Sites component is used?

A

Inbound and outbound

40
Q

What kind of scans would trigger automatically adding a device’s IPs to the Blocked Sites list?

A

IP scans or Port scans

41
Q

Can internal devices that perform IP scans or port scans be added to the Blocked Sites list as well?

A

Yes

42
Q

What type of addresses are not displayed in the Blocked Sites list?

A
  1. API calls
  2. ThreatSync
43
Q

Which takes precedence: the blocked sites list added through API calls/ThreatSync, or Default Threat Protection’s Blocked Sites?

A

Default Threat Protection’s Blocked Sites?

44
Q

In Default Threat Protection, which component is designed to add any ports to be blocked for inbound traffic?

A

Blocked ports

45
Q

Does Default Threat Protection’s Blocked Ports list include the blocking of outbound traffic?

A

No

46
Q

Can any policy changes override the Default Threat Protection’s blocked ports list?

A

No

47
Q

When there are blocking issues, what kind of log do they appear in?

A

Event logs, not only Traffic logs

48
Q

Which security service is the first line of defense?

A

Default Threat Protection

49
Q

Does Default Threat Protection take precedence over configured policy rules and other services?

A

Yes

50
Q

By default, does the Blocked Ports list include several ports related to known threats?

A

Yes

51
Q

Does the Firebox block inbound traffic coming from external sources that use the blocked ports?

A

Yes

52
Q

In Default Threat Protection, are there any sites that are blocked by default?

A

No, add them manually

53
Q

For temporarily blocked sites, can a user connect to the site, but the site cannot initiate a connection to the user?

A

Yes

54
Q

By default, how long can auto-blocked sites remain on the blocked sites list?

A

20 minutes

55
Q

What kinds of attacks are exempted when the Firebox bypasses Default Packet Handling checks for sites on the Blocked Site Exceptions list?

A
  1. IP Spoofing attacks
  2. IP Source Route attacks
56
Q

In Default Threat Protection, which component is designed to automatically drop or block traffic that matches the pattern of well-known network attacks?

A

Default Packet Handling

57
Q

What is the process called when your Firebox examines the IP address and port number of packet sources and destinations to identify risky patterns?

A

default packet handling

58
Q

In Default Threat Protection, which component rejects a packet that could be a security risk, including packets that could be a part of a spoofing attack or SYN flood attack?

A

default packet handling

59
Q

In Default Threat Protection, which component automatically blocks all traffic to and from an IP address?

A

default packet handling

60
Q

In Default Threat Protection, which component throttles a DDoS attack?

A

default packet handling

61
Q

In Default Threat Protection, which component adds an event to the log file?

A

default packet handling

62
Q

In Default Threat Protection, which component sends an SNMP trap to the SNMP management server?

A

default packet handling

63
Q

In Default Threat Protection, which component sends a notification of possible security risks?

A

default packet handling

64
Q

In Default Threat Protection, which component blocks or drops traffic for dangerous activities by default?

A

default packet handling

65
Q

Define a drop action

A

Drops the connection

66
Q

Define a block action

A

Drops the connection and adds the site to the auto-blocked sites list

67
Q

What is the term for a packet that does not match any configured firewall policy?

A

Unhandled packet

68
Q

What is the default behavior of Firebox with unhandled packets?

A
  1. Denies all unhandled packets
  2. Generates a log message
  3. Does not auto block the source of unhandled packets
69
Q

Where is Application Control enabled?

A

Proxy policy

70
Q

Where is Intrusion Prevention Service enabled?

A

Proxy policy

71
Q

What do IPS and Application Control require to fully function?

A

Content inspection

72
Q

Where can you enable Application Control?

A

On any type of policy

73
Q

Is Application Control limited to protocol-specific policies?

A

No

74
Q

What kind of connections does Application Control work on?

A

Both inbound and outbound connections

75
Q

What can you do to the applications using Application Control?

A

Monitor or restrict

76
Q
A