Security Services

Question 1

Clientless VPN solution that provides a central location for your users to connect to cloud-hosted applications
and internal resources.

Answer 1

Access Portal

Question 2

Monitors and controls the use of applications on your network.

Answer 2

Application Control

Question 3

Uses signatures that can identify and deny over 1000 applications.

Answer 3

Application Control

Question 4

Cloud-based service that uses emulation analysis to identify the characteristics and behavior of zero-day
malware

Answer 4

APT Blocker

Question 5

Denies known botnet site IP addresses

Answer 5

Botnet Detection

Question 6

Prevents the unauthorized transmission of confidential information outside your network.

Answer 6

Data Loss Prevention (DLP)

Question 7

Detects and denies DNS requests to known malicious domains

Answer 7

DNSWatch

Question 8

Scans files to detect viruses in email messages and web or FTP traffic

Answer 8

Gateway AntiVirus

Question 9

Denies connections to or from the countries you specify.

Answer 9

Geolocation

Question 10

Uses artificial intelligence and machine learning to identify and deny known and unknown malware

Answer 10

IntelligentAV

Question 11

Uses signatures to provide protection against known software vulnerabilities

Answer 11

Intrusion Prevention Service (IPS)

Question 12

Identifies and denies unwanted and dangerous spam email messages

Answer 12

spamBlocker

Question 13

Blocks known Tor exit node IP addresses.

Answer 13

Tor Exit Node Blocking

Question 14

Controls access to websites based on content categories.

Answer 14

WebBlocker

Question 15

Which services scans files?

Answer 15

1. APT Blocker
2. Data Loss Prevention
3. Gateway AntiVirus
4. IntelligentAV

Question 16

What do you do if you don’t want to scan a specific file with APT Blocker, Data Loss Prevention, Gateway AntiVirus, and IntelligentAV

Answer 16

Add the MD5 hash of the file to the File Exceptions list

Question 17

Which services are on the Basic Security Suite (5)

Answer 17

1. Application Control
2. Botnet Detection
3. Gateway AntiVirus
4. Geolocation
5. Intrusion Prevention Service
6. spamBlocker
7. Tor Exit Node Blocking
8. WebBlocker

Question 18

Which services are only on the Total Security Suite

Answer 18

1. Access Portal
2. APT Blocker
3. Data Loss Prevention
4. DNSWatch
5. EDR Core
6. IntelligentAV

Question 19

Which security service does not use signatures to identify viruses?

Answer 19

IntelligentAV

Question 20

Is it possible to manually get the latest signatures or updates for the security services in Firebox System Manager?

Answer 20

Yes

Question 21

Where (2) can you get the latest signatures or updates?

Answer 21

1. Fireware Web UI
2. Firebox System Manager

Question 22

What database does Tor Exit Node Blocking use for known Tor exit node IP addresses?

Answer 22

Reputation Enabled Defense (RED)

Question 23

Which security services can be enabled in any packet filter policy or proxy policy? (4)

Answer 23

1 Application Control
2Geolocation
3 Intrusion Prevention Service
4 Tor Exit Node Blocking

Question 24

Which security service is intended to prevent basic networking attacks?

Answer 24

Default Threat Protection

Question 25

Which security service is intended to prevent flooding?

Answer 25

Default Threat Protection

Question 26

Which security service is intended to prevent denial of service?

Answer 26

Default Threat Protection

Question 27

Which traffic does Default Threat Protection apply to?

Answer 27

Internal and external traffic

Question 28

Which security service is used to mitigate some server or network misconfigurations?

Answer 28

Default Threat Protection

Question 29

Does Default Threat Protection available without any specific licensing?

Answer 29

Yes

Question 30

Does Default Threat Protection expire?

Answer 30

No

Question 31

Does Default Threat Protection rely on subscription services to block attacks?

Answer 31

No

Question 32

Does the Firebox process all components of Default Threat Protection before policies and services?

Answer 32

Yes

Question 33

Name 3 components that Default Threat Protection use:

Answer 33

1. Default Packet Handling
2. Blocked Sites
3. Blocked Ports

Question 34

Is there any policy-related settings that can override Default Threat Protection?

Answer 34

No

Question 35

Can Default Threat Protection impact built-in Firebox functions (i.e. VPNs)?

Answer 35

Yes

Question 36

In Default Threat Protection, which component is designed to prevent these attacks: DoS/DDoS Flooding, IP scans, Port Scans

Answer 36

Default Packet Handling

Question 37

In Default Threat Protection, name 4 attacks that can be prevent by Default Packet Handling

Answer 37

1 DoS/DDoS
2 Flooding
3 IP scans
4 Port Scans

Question 38

In Default Threat Protection, which component is designed to manually or automatically block traffic for IPs, subnets, and domains?

Answer 38

Blocked Sites

Question 39

What kind of traffic is blocked when the Blocked Sites component is used?

Answer 39

Inbound and outbound

Question 40

What kind of scans would trigger the automatic adding device’s IPs to the Blocked Sites list?

Answer 40

IP scans or Port scans

Question 41

Can internal devices that performs IP scans or port scans be added to the Blocked Sites list as well?

Answer 41

Yes

Question 42

What type of addresses are not displayed in the Blocked Sites list?

Answer 42

1. API calls
2. ThreatSync

Question 43

Which take precedence, blocked sites list added through API calls/ThreatSync or Default Threat Protection’s Blocked Sites?

Answer 43

Default Threat Protection’s Blocked Sites?

Question 44

In Default Threat Protection, which component is designed to add any ports to be blocked for inbound traffic?

Answer 44

Blocked ports

Question 45

In Default Threat Protection’s blocked ports, does it include the blocking of outbound traffic?

Answer 45

No

Question 46

Can any policy changes override the Default Threat Protection’s blocked ports list?

Answer 46

No

Question 47

When there is blocking issues, what kind of log does it show as?

Answer 47

Event logs, not only Traffic logs

Question 48

Which security service is the first line of defense?

Answer 48

Default Threat Protection

Question 49

Does Default Threat Protection take precedence over configured policy rules and other services?

Answer 49

Yes

Question 50

By default, does the Blocked Ports list includes several ports related to known threats?

Answer 50

Yes

Question 51

Does the Firebox block inbound traffic coming from external sources that use the blocked ports?

Answer 51

Yes

Question 52

In Default Threat Protection, are there any sites that are blocked by default?

Answer 52

No, add them manually

Question 53

For temporarily blocked sites, can a user connect to the site, but the site cannot initiate a connection to the user?

Answer 53

Yes

Question 54

By default, how long can auto-blocked sites remain on the blocked sites list?

Answer 54

20 minutes

Question 55

What kind of attacks are exempted when Firebox bypasses Default Packet Handling checks for sites on Blocked Site Exceptions list?

Answer 55

1. IP Spoofing attacks
2. IP Source Route attacks

Question 56

In Default Threat Protection, which component is designed to automatically drop or block traffic that matches the pattern of well-known network attacks?

Answer 56

Default Packet Handling

Question 57

What is the process called when your Firebox examines the IP address and port number of packet sources and destinations to identify risky patterns?

Answer 57

default packet handling

Question 58

In Default Threat Protection, which component rejects a packet that could be a security risk, including packets that could be a part of a spoofing attack or SYN flood attack?

Answer 58

default packet handling

Question 59

In Default Threat Protection, which component automatically blocks all traffic to and from an IP address?

Answer 59

default packet handling

Question 60

In Default Threat Protection, which component throttles a DDoS attack?

Answer 60

default packet handling

Question 61

In Default Threat Protection, which component adds an event to the log file?

Answer 61

default packet handling

Question 62

In Default Threat Protection, which component sends an SNMP trap to the SNMP management server

Answer 62

default packet handling

Question 63

In Default Threat Protection, which component sends a notification of possible security risks?

Answer 63

default packet handling

Question 64

In Default Threat Protection, which component blocks or drops traffic for dangerous activities by default?

Answer 64

default packet handling

Question 65

Define a drop action

Answer 65

Drops the connection

Question 66

Define a block action

Answer 66

Drops the connection and adds the site to the auto-blocked sites list

Question 67

What is the term for a packet that does not match any configured firewall policy?

Answer 67

Unhandled packet

Question 68

What is the default behavior of Firebox with unhandled packets?

Answer 68

1. Denies all unhandled packets
2. Generates a log message
3. Does not auto block the source of unhandled packets

Question 69

Where is Application Control enabled?

Answer 69

Proxy policy

Question 70

Where is Intrusion Prevention Service enabled?

Answer 70

Proxy policy

Question 71

What does IPS and Application Control require to fully function?

Answer 71

Content inspection

Question 72

Where can you enable Application Control?

Answer 72

On any type of policy

Question 73

Is Application Control limited to protocol-specific policies?

Answer 73

No

Question 74

What kind of connections does the Application Control work on?

Answer 74

Both inbound and outbound connections

Question 75

What can you do to the applications using Application Control?

Answer 75

Monitor or restrict