IPS vs Application Control
23 Questions
Questions and Answers

What is the main focus of IPS signatures?

  • Understanding and exposing the structure of industrial protocols
  • Detection of software version-based vulnerabilities
  • Protocol detection at various levels
  • Detection of exploits of industrial controller software (correct)

What is the primary focus of application control signatures?

  • Protocol detection at various levels (correct)
  • Detection of exploits of industrial controller software
  • Detection of software version-based vulnerabilities
  • Understanding and exposing the structure of industrial protocols

Which protocols are mentioned as being understood and exposed by the Fortinet flow engine?

  • HTTP, FTP, SMTP, SNMP
  • Modbus, IEC 104, DNP3, OPC, Siemens S7 (correct)
  • TCP, UDP, IP, ICMP
  • SSH, SSL, TLS, RDP

What is the purpose of deep packet inspection (DPI) and intrusion prevention system (IPS) signatures for ICS protocols and application context logging?

Answer: To detect industrial software and software version-based vulnerabilities (B)

What type of vulnerabilities were several versions of Schneider Electric Accutech Manager vulnerable to?

Answer: SQL injection attacks (D)

What do application control signatures detect in the context of protocols and telecontrol messages?

Answer: Protocols used in the applications and contents of the telecontrol messages (A)

What is the purpose of the protocol dissectors in the Fortinet flow engine?

Answer: To understand and expose the structure of industrial protocols (B)

What is the common action taken by both IPS and application control in terms of log and application context?

Answer: Send to syslog servers, FortiAnalyzer, FortiSIEM, and so on (B)

What is the focus of IPS in terms of vulnerability detection?

Answer: Industrial software and software version-based vulnerabilities (A)

What aspect of the telecontrol messages do application control signatures detect?

Answer: Contents of the telecontrol messages, like function codes, object types, and so on (C)

What is the primary purpose of intrusion prevention system (IPS) signatures?

Answer: Detection of exploits of industrial controller software (B)

What feature can be used to refuse traffic from an attacker's IP address?

Answer: Source quarantine (A)

What can be done if matching signatures are not found in the database?

Answer: Create custom signatures (C)

Which feature can be used to save a copy of packets that match any signatures included in the filter?

Answer: Packet logging (A)

What is the subset of signatures in the database that are normally set to monitor?

Answer: Rate-based signatures (B)

What does the application control feature consider first if application or filter overrides are configured?

Answer: Application and filter overrides (D)

What does the quarantine feature of application control refuse based on?

Answer: Attacker's IP address (D)

What is used to block outgoing connections to botnet sites or record log messages?

Answer: Block botnet C&C communication (D)

What does the baseline-built environment provide?

Answer: Baseline for anomalous activity (D)

What can be applied to provide alerts on anomalous activity outside of the baseline?

Answer: Baseline-built environment (C)

What can be used for more granular application control?

Answer: Ingress and egress application sensors (A)

What can be used to detect industrial protocols and perform granular message type identification?

Answer: Granular message type identification (B)

What can be used to help define allowlist policy?

Answer: Application signatures (B)
