Lesson 8: Quarantine Functionality and Concepts

Questions and Answers

What should be selected for the flow control when creating a new Quarantine action set?

Block

Allow

Reset

Quarantine (correct)

What should the thresholds be set to for immediate block in Quarantine settings?

2 and 2

3 and 3

4 and 4

1 and 1 (correct)

For what purpose can TCP Reset be used as part of Quarantine Actions?

To reset the firewall

For SMTP virus filters (correct)

To block specific DNS requests

To configure VPN connections

Which profile will be used to test the newly created Quarantine action set?

DMZ Profile (D)

When can a host appear in the Quarantined Hosts table?

When it triggers a specific filter (B)

What is recommended to use quarantine for?

Unusual user activity (A)

What is the purpose of setting automatic timeout in quarantine?

To release quarantined hosts after a certain period (B)

Where would a blocked stream be generated when an Action Set is configured for Block + Quarantine and a threshold is not set?

In the Quarantined Hosts table (B)

What is one of the main functions of Spyware Filters?

Immediately block malicious traffic (B)

When does Quarantine occur, according to the lesson?

After excessive filter hits (D)

What can be configured to occur at a user-defined threshold?

Quarantine actions (D)

What action can be taken before the threshold is triggered?

Display a Quarantine web page (D)

What is one consideration when configuring Quarantine for web requests?

Display the Quarantine Block page (A)

What is one way hosts can be released from Quarantine?

Redirect web requests to an external server (A)

What should be done with other non-web traffic, according to the lesson?

Block other non-web traffic (B)

What can be reached by hosts in Quarantine?

Addresses which can be reached by quarantined hosts (A)

What is the main function of TippingPoint Quarantine?

Preventing insider threats and walk-in worms (B)

How does Quarantine work with the source IP address in the packets?

It adds the source IP to the Quarantine list (B)

When can Blocking Quarantine be used?

To prevent an infected machine from spreading worms (A)

What does Quarantine communicate with switching infrastructures to do?

Isolate offending endpoints with remediation VLANs (C)

How does Blocking Quarantine help inform the user?

By informing the user that something has gone wrong (C)

What type of threats does TippingPoint Quarantine primarily aim to block?

Insider threats and walk-in worms (C)

In what situation can Quarantine be used to prevent network infection?

When an infected machine is spreading worms (C)

What does TippingPoint Quarantine do with the source IP in the packets it inspects?

Adds it to the Quarantine list (D)