RCSS

Dos and DDoS are the most common attacks. Nowadays, Radware´s ERT is consistently seeing the Majority of these attacks lasting ____________. Continuously for 1 month (or longer). Between 5-7 days (for about 1 week). Continuously for 45-60 minutes (up to 1 hour). Between 12-24 hours (for 1-2 days).

Radware´s ERT research reports that the size of MOST DoS attacks __________________. Are over 10 Gbps in bandwidth. Are at least 8 million packets per second. Are less than 1 Gbps in bandwidth. Are at least 1 Gbps in bandwidth.

Identify the benefits of Radware´s "on-premises" AMS solution Select three best responses. Single point of contact. Signal scrubbing center in event of ISP saturation. Widest security coverage. Inmediate AMS for shortest mitigation response time. Integrated reporting system.

Many organizations enjoy the capabilities of DefensePro with 'up to 36 Gbps troughput' DefensePro device with these capabilities is the part of the _________________. X06 series. X420 series. X412 series. X016 series.

The HT Platform can mitigate up to 25 million pps of attack traffic while simultaneously allowing trough ________-. 20 Gbps. 10 Gbps. 60 Gbps. 40 Gbps.

Many clients are uncomfortable placing DefensePro directly inline due to increased latency, therefore, they put Defensepro out-of-path (OOP) There are several disadvantages for placing DefensePro out-of-path (OOP). What does Radware suggest doing to get the most benefit from a local out-of-path solution?. Install Radware Loop Switch. Configure interface grouping. Use Vision monitoring to divert traffic. Configure a span port on a switch.

Identify the benefits of the Radware Loop Solution for placing the DefensePro inline with traffic Select three best responses. No impact on peacetime traffic. Inmediate return of clean traffic. Multiple segments can be protected. Complete protection of all DDoS attacks L3-L7.

"The DefensePro operates transparently at Layer 2" Is this statement true or false?. True. False.

"You can edit or delete ONLY user-defined signatures" Is this statement true or false?. True. False.

"Is this a good practice to define two-way protection policies where traffic is coming in and going out in order to maintain fewer policies." Is this statement true or false?. True. False.

"AVR collects event from Vision database only when the status is Ocurred or Terminated." Is tis statement true or false?. True. False.

"Out-of-State Protection can only be configured globally." Is this statement true or false?. True. False.

"APSolute Vision Reporter can be limited by Vision´s role-based access by policy" Is this statement true or false?. True. False.

"DefensePro´s fuzzy-logic engine is configured by the user to compare real-time statistics. It is configured to use specific thesholds to analyze traffic." Is this statement true or false?. True. False.

"Radware recommends using policies in "report only" mode for and extended period of time. This does not effect the processing performance of the device and required less processing power than "block & report" mode." Is this statement true or false?. True. False.

"To view an attack in APSolute Vision Reporter, go to FORENSIC ANALYSIS window." Is this statement true or false?. True. False.

"During the initial configuration phase of deployment, Radware recommends the DefensePro be kept in REPORT ONLY mode for at least one week." Is this statement true or false?. True. False.

"Both symmetric traffic and asymetric traffic receive the SAME full support from the DefensePRO." Is this statement true or false?. True. False.

"ACL modules are enabled by default" Is this statement true or false?. True. False.

"The first protection strategy that should be in place is a network-wide protection policy that protects the entire network." Is this statement true or false?. True. False.

"DoS Shield Protection is enabled by default." Is this statement true or false?. True. False.

"On DefensePro version 6.x, start BDoS configuration using per-service rules. Only use Global rules as a final policy" Is this statement true or false?. True. False.

"Learning baselines are created by the DefensePro during peacetime, and they are not required for the DP to mitigate an attack." Is this statement true or false?. True. False.

From the time the DefensePro detects as new DoS attack, it generates a DoS-attack footprint, and the blocks the relevant flood traffic. On average, the DefensePro does this in _________ seconds. 60. 2. 18. 30.

________________ protection defends against pre-attack probes, ping sweeps, exposure to intrusions, and global network compromise. SYN flood. Anti-scanning. Worm propagation. BDoS.

_____________ shoud be the last line of defense for mitigating attacks because legitimate client sessions will be dropped. It filters out attacks that breach the set threshold and drops them. SYN Flood Protection. HTTP Mitigator. Connection Limit. SSL Protection.

_______________ is used to defend againsts known TCP,UPD,and ICMP floods and flood-attack tools. HTTP Mitigator. DoS Shield Protection. SYN Flood Protection. SSL Protection.

DefensePRO learning improves accuracy ove time. The DefensePro learning default value is set for _________________. one week (7 days). one month (30 days). one hour (60 minutes). one day (24 hours).

Administration on the DefensePro device is done almost completely using APSolute Vision using ____________ to communicate to the DefensePro. SSH. SMS. SNMP. SSL.

__________________ is the most accurate and effective mitigation method in the industry defending against known attacks. It provides precise prevention to known vulnerabilities. Signature Protection. SYN Flood Protection. HTTP Mitigator. SSL Protection.

Before configuring ACL rules, be sure to have already configured ______________,. Network classes. VLAN tag groups, if any used. Role-based access. Physical Port Groups.

When configuring Signature Protection Policies, Radware recommends _____________. Select the best response. Associating an action with a source IP address on marked threats. Using Source = Any & Destination = Protected Network. Informing users and administrator of the detected risk. Quarantining infected devices to prevent propagation of cyber threats.

APSolute Vision database ____________. Select the best response. Can grant access externally to up to 10 IPs. Is the databse from Vision Reporter (AVR). Is accessible remotely; can be managed via CLI. Collects real-time information from managed devices.

Asymmetric routing deployment makes it difficult for scrubbing centers tor protect SSL traffic. Identify the process used by DefensePro to mitigate SSL DoS/DDoS attacks. Match Step1 (From colum 1) with the first Process (from colum 2). The match all remaining steps to complete the process. STEP 1. STEP 2. STEP 3. STEP 4.

The DefensePro has two functional types of ports. Which of these statements is true about MANAGEMENT PORTS? Select two that are true. Multiple management ports can be configured on a single DefensePro device. Management traffic received on inspection port is implemented. DefensePro can be managed trough the scanning ports (e.g. scanning port can behave as a management port). Management ports are excluded, by default, from the security policies. Multiple IP addresses can be configured on a single management port.

The DefensePro has two functional types of ports. Which of these statements is true about INSPECTION PORTS? Select two that are true. Inspection ports can be used for configuration, maintenance, reporting, event notification. Inspection ports are excluded, by default, from the security policies. Inspection ports forward management traffic when received. Inspection ports cannot be configured with an IP address. Management traffic received on inspection port is dropped.

The real-time statistics engine tracks _______________- Select four that apply. Ratio of UDP to TCP. Connections per second. Packets per second. Bandwith. Ratio of TCP flags distributed.

Network Behavioral Analysis protection blocks _________. Select four that apply. TCP SYN Flood. ICMP Flood. TCP fragmentation flood. ACK flood. UDP flood.

Radware´s recommended general deployment guidelines for the DEfensePro include: Select three that apply. Use bi-directional policies. Reduce network classes. Use packet reporting. Avoid port-group definitions.

DNS Traffic Behavioral Analysis provides ______________- Select three that apply. Real-Time signature creation. DNS Reflective Attack Protection. Continuous learning of DNS traffic. Statistical authentication algorithm to prevent attacks behind proxy server.

During a SYN attacks, DefensePro determines volumetric changes and can ____________. Select two that apply. Process legitimate traffic with no performance degradation. Perform web quarantine to a violation page. Mitigate up to 25 million packets per second (hardware dependent). Choose Which type of traffic is more important to block.

On the DefensePro, traffic can be classified based on _________. Select three that apply. Physical port groups. Time of day. Networks. VLAN tags.

The NAME attached to a network classification is significant because _________. Select three that apply. The network class is bound to the NAME; it is a group. NAME is used as an index value. Multiple IP addresses and/or IP address ranges can be added to the network NAME. Only one network NAME can be used as either a source and destination network. IPv4 and IPv6 cannot be combined in a single network NAME.

Use Connection Limit to defend against ______________. Select three that apply. Full-connection attacks. Request attacks. UDP flood. Half-open SYN attacks. Single-packet vulnerability attacks.

HTTP Mitigator protection defends against _______________. Select two that apply. BOT-originated flood attacks. Bandwith-comsumption attacks. Spoofed IP addresses. Intelligence gathering. Brute force.

Server cracking protection focuses on characteristics and parameters for server cracking attempts; it defends a web-facing business from ___________. Select all that apply. Financial loss. Fraud. Confidential data theft. Reputation damage.

APSolute Vision Reporter (AVR) email notification include: ____________- Select all that apply. Support for SNMP Trap v1 & v2. Threshold for Email Delivery. Email format. Multiple Email addresses.

Server Cracking Protection _______________. Select three that apply. Is a read-only table; no new entries can be configured. Required symmetric network connectivity. Can protect (up to) 10.000 IP addresses. Uses a pre-defined profile.

APSolute Vision Reporter (AVR) _______________- Select all that apply. Is an historical reporting solution for the Vision server. Is launched from APSolute Vision. Provides customizable alerts and dashbords and event correlation. Receives data copied from Vision MySqL database.

You suspect an attack. You look at the Real time Monitoring Table for BDoS (see image). What changes should you make to the BDoS settings to correct this condition?. Decrease the Inbound/Outbound percentage of ICMP traffic in your quotas. Increase the Inbound/Outbound percentage of ICMP traffic in your quotas. Decrease the overall Inbound/Outbound Bandwidth. Increase the overall Inbound/Outbound Bandwidth.

Your DefensePro is not blocking any attacks. Based on the information shown (see image), why isn´t this device blocking any attacks?. The Network Protection rule has not been enabled. DefensePro will not block attacks if the Direction is set to two-way. The Action is set to Report Only. The Protected Network has not been defined.

A security server needs to be allowed to scan a network for open ports but is being blocked by the anti-scanning protections on the DefensePro. What is the best way to allow the server to scan but still protect from other malicious scan?. Use the White List to bypass just the anti-scanning protections for the source address of the security server. Use the Black List to block all scanning traffic going to the network, except for the security server. Use the White List to exclude the destination IP range from the anti-scanning protections. When setting up the anti-scanning protections, make sure the IP address range is not contained in any Source or Destination ranges.

You need a strategy to protect the network segment (shown) from both generalized and application-specific Denial-of-Service(DoS) attacks. The network segment contains Web Servers, DNS Servers, and Mail Servers -- each with very different levels of traffic Select one response as the best. Both B and C are needed. Create a BDoS Protection Policy based on the overall bandwith of the network segment. Create a separate BDoS Protection Policy for each application type, based on the bandwidth for each application.

You strongly suspect your servers were recently under attack. You open APSolute Vision and navigate to generate a report of attacks, but you see strange behavior -- no attacks appear. What does Radware recommend you do?. Conclude that DefensePro is doing its job mitigating all attacks. Open Vision´s geomapping dashboard to conduct further research. Verify that time is synchronized between the DefensePro device and Vision appliance using the NTP servers as a timesource. Open Global Security Policies and strengthen the protection policy settings.

You want to create a Security Policy for five different networks with different IP address ranges How should this be done?. First create each of the 5 different networks and create a network Group. Then add the Group to the Policy. First create the Security Policy. The add the 5 different networks to the Policy. First create one Network Name, then add 5 different networks and various IP address ranges to it. Add the Name to the Policy. First divide the IPs into Mask or Range and create a Group of IPs for Mask and a Group for Range. If you have IPv4 and IPv6, separate Groups. Then add the multiple Groups to the Policy.