NSE7 ATP 2.5 Highlights


How many STIX package types are supported? a. 1 b. 3 c. 2 d. 4

2

There are how many types of threat actors? 5 3 6 2

2

How many points of the "kill chain" can Fortinet solutions help with?

3

There are how many "threat actor names"? 4 3 7 5 6

5

How many stages exist in the "Kill Chain"? 6 8 4 7 9

7

How many Sandbox components are there: a. 6 b. 8 c. 10 d. 9

9

Describe FortiWeb's role with Sandbox

Detect and block known bad; offload suspicious files to the Sandbox; prevent outbreak

Inbound Best Practice

Inbound traffic should be inspected to detect malware and intrusion attacks

Three types of HA nodes:

Master, Primary Slave, Slave (non-primary)

Outbound traffic best practice

Outbound traffic should be inspected to detect requests for botnet IP and malicious URLs.

Where do you look to determine what engine rated a sample?

Scan Report, first page, above the "More Details" section

What are the scan job "malicious 7"

Static Analysis, Files Created, Files Deleted, Files Modified, Launched Processes, Registry Changes, Network Behaviors

What field name on the widget holds the status of SIMNET?

VM Internet Access

Analysis Details Section of the Scan Job Report will show how many VMs were used for scanning a. true b. false

a

Does Fortinet have solutions to break this stage of the "kill chain": Command and Control a. yes b. no

a

Does Fortinet have solutions to break this stage of the "kill chain": Delivery a. yes b. no

a

Does Fortinet have solutions to break this stage of the "kill chain": Lateral movement a. yes b. no

a

FortiClient will automatically quarantine malicious and suspicious files? a. true b. false

a

FortiMail can submit URLs to the Sandbox: a. true b. false

a

HA nodes require a dedicated communication interface a. yes b. no

a

HA supports a. 100 nodes b. 500 nodes c. 1000 nodes

a

STIX 1.2 is supported a. yes b. no

a

Suspicious is indicative of malware a. true b. false

a

The FortiGate can submit files to the Sandbox: a. true b. false

a

The Master and Primary Slave models must be identical a. true b. false

a

What ports can be used as sniffer ports? a. 1 and 3 b. 6 and 9 c. any port except 1 and 3 d. any port except 1

a

Where to look to find out "sample specific info" a. Scan Report > More details

a

Sequence of default scan order: a. antispam-content-sandbox b. sandbox-antispam-content c. antispam-sandbox-content

a. Anti-spam, content, sandbox is the default and preferred order; sandbox last is always best

Does FortiSandbox support more than one quarantine folder? a. Yes - supports max of three b. Yes - supports max of two c. No

b

Does FortiWeb queue up connections to Sandbox? a. yes b. no

b

Does Fortinet have solutions to break this stage of the "kill chain": Data Exfiltration a. yes b. no

b

Does Fortinet have solutions to break this stage of the "kill chain": Exploitation a. yes b. no

b

Does Fortinet have solutions to break this stage of the "kill chain": Reconnaissance a. yes b. no

b

Does Fortinet have solutions to break this stage of the "kill chain": Weaponization a. yes b. no

b

The FortiGate can submit URLs to the Sandbox: a. true b. false

b

Will "AV Scanner" rating engine work with SIMNET ON? a. yes b. no

b

Will "IP Reputation" rating engine work with SIMNET ON? a. yes b. no

b

Will all rating engines work with SIMNET ON? a. yes b. no

b

Non-primary slave models must be identical: a. true b. false

b

The following services are simulated by SIMNET, when ON: a. IMAP b. SMTP c. RPC/HTTP d. HTTP e. HTTPS f. DNS Multiple answers Answer with corresponding letters; separate answers with a space

b d e f

Risk level color: low

blue

SIMNET: a. Is used to simulate large amount of user traffic b. To test network connectivity c. To simulate some Internet services if PORT 3 has no Internet access d. To get more accurate behavioral-based analytics

c

Virtual Simulator is used to analyze: a. Java b. Java Beans c. JavaScript

c

What is the name of the fifth stage of the "kill chain"?

command and control

Opportunistic attacks: a. Are taking an opportunity to go after a hated target b. Are trying to create a denial of service attack c. Have insider knowledge used to go after a prior employer d. Are not after a specific target

d

What is the name of the last stage of the "kill chain"?

data exfiltration

What is the name of the "kill chain" stage after "weaponization"?

delivery

What is the name of the third stage of the "kill chain"?

delivery

What is the name of the "kill chain" stage before "command and control"?

exploitation

What is the name of the fourth stage of the "kill chain"?

exploitation

Risk level color: red

high

What is the name of the "kill chain" stage before "data exfiltration"?

lateral movement

What is the name of the sixth stage of the "kill chain"?

lateral movement

Malware hash and IOC STIX info is in this type of STIX Package: "_______________________ Package"

malware

Name the two types of STIX packages supported

malware, url
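Both package types carry their indicators as CybOX observables: file hashes in a malware package, URIs in a URL package. The following is an added example, not FortiSandbox code or course material. It parses a constructed STIX 1.2 XML package with Python's standard library, extracts the hash and URL IOCs, and checks a sample against them. The package, the sample bytes, the hash and the URL are constructed for illustration; the element layout follows the public STIX 1.x / CybOX 2.x schemas, not any Fortinet export.

```python
"""Added example (not FortiSandbox code): extract IOCs from a STIX 1.x package.

The package below is constructed for illustration; it follows the public
STIX 1.2 / CybOX 2.x element layout, not any particular vendor's export.
"""
import hashlib
import xml.etree.ElementTree as ET

# Namespace prefixes used by STIX 1.x / CybOX 2.x documents.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "cyboxCommon": "http://cybox.mitre.org/common-2",
    "FileObj": "http://cybox.mitre.org/objects#FileObject-2",
    "URIObj": "http://cybox.mitre.org/objects#URIObject-2",
}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed "sample" whose SHA256 becomes the malware-package indicator.
SAMPLE_BYTES = b"MZ constructed-sample-not-real-malware"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()
BAD_URL = "http://malicious.example/payload.exe"  # constructed, not a real IOC

# Constructed STIX 1.2 package: one file-hash indicator, one URL indicator.
SAMPLE_STIX = """<stix:STIX_Package id="example:package-1" version="1.2"
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:URIObj="http://cybox.mitre.org/objects#URIObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <stix:Indicators>
    <stix:Indicator id="example:indicator-1" xsi:type="indicator:IndicatorType">
      <indicator:Title>Constructed malware hash</indicator:Title>
      <indicator:Observable id="example:observable-1">
        <cybox:Object id="example:object-1">
          <cybox:Properties xsi:type="FileObj:FileObjectType">
            <FileObj:Hashes>
              <cyboxCommon:Hash>
                <cyboxCommon:Type>SHA256</cyboxCommon:Type>
                <cyboxCommon:Simple_Hash_Value>{sha256}</cyboxCommon:Simple_Hash_Value>
              </cyboxCommon:Hash>
            </FileObj:Hashes>
          </cybox:Properties>
        </cybox:Object>
      </indicator:Observable>
    </stix:Indicator>
    <stix:Indicator id="example:indicator-2" xsi:type="indicator:IndicatorType">
      <indicator:Title>Constructed malicious URL</indicator:Title>
      <indicator:Observable id="example:observable-2">
        <cybox:Object id="example:object-2">
          <cybox:Properties xsi:type="URIObj:URIObjectType" type="URL">
            <URIObj:Value>{url}</URIObj:Value>
          </cybox:Properties>
        </cybox:Object>
      </indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>
""".format(sha256=SAMPLE_SHA256, url=BAD_URL)


def parse_stix_iocs(xml_text):
    """Return {"malware": {(hash_type, value)}, "url": {value}} from a STIX 1.x package.

    The xsi:type on each cybox:Properties element tells us which CybOX object
    it is, which is how a file (malware) indicator is told apart from a URL one.
    """
    root = ET.fromstring(xml_text)
    iocs = {"malware": set(), "url": set()}
    for props in root.iterfind(".//cybox:Properties", NS):
        xsi_type = props.get(XSI_TYPE, "")
        if xsi_type.endswith("FileObjectType"):
            for h in props.iterfind(".//cyboxCommon:Hash", NS):
                htype = h.findtext("cyboxCommon:Type", default="", namespaces=NS).strip().upper()
                value = h.findtext("cyboxCommon:Simple_Hash_Value", default="", namespaces=NS).strip().lower()
                if htype and value:
                    iocs["malware"].add((htype, value))
        elif xsi_type.endswith("URIObjectType"):
            value = props.findtext("URIObj:Value", default="", namespaces=NS).strip()
            if value:
                iocs["url"].add(value)
    return iocs


def check_sample(iocs, data=None, url=None):
    """Hash the sample bytes and/or look up a URL; return the list of matches."""
    hits = []
    if data is not None and ("SHA256", hashlib.sha256(data).hexdigest()) in iocs["malware"]:
        hits.append("malware-package hash match")
    if url is not None and url in iocs["url"]:
        hits.append("url-package match")
    return hits


if __name__ == "__main__":
    iocs = parse_stix_iocs(SAMPLE_STIX)
    print("malware IOCs:", iocs["malware"])
    print("url IOCs:", iocs["url"])
    print(check_sample(iocs, data=SAMPLE_BYTES, url=BAD_URL))
```

Hash values are normalised to lower case before comparison because feeds differ in case, and the hash type is kept alongside the value so an MD5 and a SHA256 of different files can never collide in the set.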

Master tasks

Normal scanning duties; manages the cluster; distributes jobs; gathers verdicts

Name the two main types of attacks (separate each answer with a space)

opportunistic targeted

Risk level color: orange

orange

Suspicious Indicators

Parsed from tracer engine logs, from static AND dynamic analysis; rules are dynamic and updated by FortiGuard.

The Suspicious Indicators are what the rating engine parsed out of the tracer's log as behaviors indicative of malware. These are behaviors from the VM scan as well as any behaviors observed during static analysis. The suspicious indicators are all based on a set of rules used by the rating engine, which is constantly updated by FortiGuard.
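The following is an added example, not FortiSandbox code, showing the mechanics the card above describes and the seven scan-job categories (static analysis, files created/deleted/modified, launched processes, registry changes, network behaviors): a constructed tracer-style behaviour log is grouped by category, a small rule set is applied to produce suspicious indicators, and the weighted hits are turned into a risk rating. The log format, the rules, the weights and the rating thresholds are all assumptions for illustration; the real rating engine's rules come from FortiGuard and are not public.

```python
"""Added example (not FortiSandbox code): derive "suspicious indicators" and a
risk rating from a constructed tracer-style behaviour log.

Log format, rule set, weights and thresholds are assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed behaviour log; one "<CATEGORY> <detail>" line per event.
TRACER_LOG = """\
STATIC packer=UPX entropy=7.8
FILE_CREATE C:\\Users\\Public\\svchost.exe
PROCESS_LAUNCH C:\\Users\\Public\\svchost.exe
FILE_MODIFY C:\\Windows\\System32\\drivers\\etc\\hosts
REGISTRY_SET HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater=C:\\Users\\Public\\svchost.exe
NETWORK_CONNECT 203.0.113.5:4444
FILE_DELETE C:\\Users\\Public\\svchost.exe
"""

# Constructed log of a benign document for comparison.
BENIGN_LOG = """\
STATIC packer=none entropy=5.1
FILE_CREATE C:\\Users\\Public\\report.docx
NETWORK_CONNECT 198.51.100.7:443
"""

# The seven behaviour categories a scan job report breaks out.
CATEGORIES = {
    "STATIC": "Static Analysis",
    "FILE_CREATE": "Files created",
    "FILE_DELETE": "Files deleted",
    "FILE_MODIFY": "Files modified",
    "PROCESS_LAUNCH": "Launched processes",
    "REGISTRY_SET": "Registry changes",
    "NETWORK_CONNECT": "Network behaviors",
}


def parse_tracer_log(text):
    """Group events by category: {category_name: [detail, ...]} (missing -> [])."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        tag, _, detail = line.partition(" ")
        events[CATEGORIES.get(tag, "Unknown")].append(detail)
    return events


USER_WRITABLE = re.compile(r"^C:\\(Users|ProgramData|Windows\\Temp)\\", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)


def _static_attrs(ev):
    """Flatten 'key=value' tokens from static-analysis lines into a dict."""
    attrs = {}
    for detail in ev["Static Analysis"]:
        for token in detail.split():
            key, _, value = token.partition("=")
            attrs[key] = value
    return attrs


def _dropped_and_executed(ev):
    created = {p.lower() for p in ev["Files created"] if USER_WRITABLE.match(p)}
    return any(p.lower() in created for p in ev["Launched processes"])


def _self_delete(ev):
    launched = {p.lower() for p in ev["Launched processes"]}
    return any(p.lower() in launched for p in ev["Files deleted"])


# Rule set: (indicator name, weight, predicate over the grouped events). Made up.
RULES = [
    ("Packed executable", 1,
     lambda ev: _static_attrs(ev).get("packer", "none").lower() != "none"),
    ("Drops executable in user-writable path and runs it", 3, _dropped_and_executed),
    ("Modifies hosts file", 2,
     lambda ev: any(d.lower().endswith(r"\drivers\etc\hosts") for d in ev["Files modified"])),
    ("Persistence via Run key", 3,
     lambda ev: any(RUN_KEY.search(d) for d in ev["Registry changes"])),
    ("Connects to non-standard port", 2,
     lambda ev: any(not d.endswith((":80", ":443", ":53")) for d in ev["Network behaviors"])),
    ("Deletes its own executable", 2, _self_delete),
]

# Assumed score thresholds (inclusive upper bounds); anything above is Malicious.
THRESHOLDS = [(0, "Clean"), (2, "Low Risk"), (5, "Medium Risk"), (8, "High Risk")]


def rate_sample(events):
    """Apply every rule; return (rating, [names of indicators that fired])."""
    hits = [(name, weight) for name, weight, pred in RULES if pred(events)]
    score = sum(weight for _, weight in hits)
    rating = "Malicious"
    for limit, label in THRESHOLDS:
        if score <= limit:
            rating = label
            break
    return rating, [name for name, _ in hits]


if __name__ == "__main__":
    for log in (TRACER_LOG, BENIGN_LOG):
        rating, indicators = rate_sample(parse_tracer_log(log))
        print(rating, indicators)
```

Because the rules are data rather than code paths, a rule update (what FortiGuard pushes to the real engine) changes the indicators without touching the parser, and the same log re-rated under a new rule set explains why a sample's verdict can change after an update.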

FortiClient with FortiMail and Sandbox help prevent

patient zero

Role of Primary Slave Node

The primary slave node provides failover protection for the master node. The master and primary slave should be the same model.

What is the name of the first stage of the "Kill Chain"?

reconnaissance

Where is Internet Access for port 3 enabled or disabled?

Scan Policy > General

Timeout value must give enough time for virtual machine _________ to complete

scanning

What widget displays SIMNET status, if ON

system info

What is the second stage of the "kill chain" named?

weaponization
