Lesson 7: Traffic Management Filters

Questions and Answers

What action does the Block Rule take?

• Drops matching traffic (correct)
• Rate-limits traffic
• Bypasses DV inspection
• Allows matching traffic

When is the Trust rule used?

• When traffic needs to be rate-limited
• When traffic is from external users
• When performance optimization is needed (correct)
• When traffic is inspected against DV filters

In what scenario would the Allow Rule be applied?

• When traffic is inspected against DV filters (correct)
• When the traffic needs to be rate-limited
• When no further inspection is required once matched
• When external users attempt to access web servers

What type of parameters do Traffic Management Filters react to?

Limited set of parameters including source IP, destination IP, port, protocol, and other defined values (A)

What is the purpose of the Rate Limit rule?

To rate-limit the traffic to the specified rate before inspection against DV filters (A)

When are Block Streams and Rate-Limited Streams used?

Only for traffic management matches with block actions (A)

In what scenario would the Trust rule be more beneficial than the Allow rule?

When performance optimization is needed without DV inspection (D)

What is the primary purpose of Managed Streams?

To manage traffic that matches block or rate-limit actions (D)

What does flow-based inspection filters look at?

Packet headers and the packet payload data (B)

Which type of filter looks at the overall behavior of traffic over time?

Algorithmic filters (D)

What do reconnaissance filters focus on detecting?

Port scans and host sweeps (D)

Which type of filter is used to detect exploit-specific traffic?

Exploit-specific filters (A)

What type of filters look at the IP header?

Header based filters (A)

Which type of filter examines the source/destination IP, source/destination port, IP protocol, and VLAN?

Non-flow-based inspection filters (D)

What do vulnerability filters focus on detecting?

Vulnerabilities (B)

What is the purpose of creating a 4-way trust rule in a network environment according to the text?

To catch all possible directions for both scan and response (A)

What is the significance of creating multiple rules instead of a single rule in a network environment?

It ensures that traffic traversing each IPS device is accurately controlled (D)

What happens when a rate-limit Action Set is assigned to a Filter in a network environment?

All flows which match that filter will share the same 'virtual pipe' (C)

In the context of rate limiting, what does creating a 'virtual pipe' mean?

It groups together flows that match specific filters to share the same rate limit (C)

What is the main purpose of creating a rate-limit Action Set in a network environment?

To group together flows that need to share the same rate limit (D)

Why might it be necessary to create multiple rules for various segments and IPS devices in a network environment?

To account for variations in traffic traversal through different segments and IPS devices (C)

What does it mean when two filters share the identical Action Set in a network environment?

'Virtual pipes' are shared by all flows matching the filters (C)

What is the implication of assigning the same rate limit to multiple filters in a network environment?

'Virtual pipes' will be shared by all flows matching those filters (C)

What is the purpose of creating separate Action Sets with different names but the same rate limit value in a network environment?

To allow specific filters to have their own unique rate limits (D)