TippingPoint: Quarantine Functionality

Questions and Answers

What is the main functionality of TippingPoint Quarantine?

• Encrypting network traffic
• Detecting spyware infections
• Managing firewall rules
• Blocking insider threats and walk-in worms (correct)

How does Quarantine work with the source IP address in the packets?

• It masks the source IP
• It adds the source IP to the Quarantine list (correct)
• It blocks the source IP traffic
• It encrypts the source IP

In what ways can Blocking Quarantine be used?

• To enhance network speed
• To prevent an infected machine from spreading worms or leaking confidential information (correct)
• To block legitimate user traffic
• To hide network vulnerabilities

What does TippingPoint Quarantine communicate with switching infrastructures to do?

Isolate offending endpoints with remediation VLANs (C)

How does Quarantine prevent network infection?

By extending protection down to the endpoint (B)

What kind of information can Blocking Quarantine be used to inform the user about?

That something has gone wrong (D)

What does Quarantine block to prevent the leaking of confidential information?

Spyware infection (B)

Which part of the packets does Quarantine work with?

Source IP address (D)

What is the primary function of Spyware Filters?

Immediately block malicious flow (B)

When does Quarantine occur with regards to filter hits?

After excessive filter hits (C)

What can be configured to take effect before the threshold is triggered?

Permit and trust actions (D)

How are hosts released from Quarantine?

Redirect web requests to an external server (A)

What is the purpose of configuring a threshold of permitted traffic?

Define the hit count within a certain period for Quarantine actions (D)

What is the action taken when Trust actions are configured to take effect before the threshold is triggered?

Display a Quarantine web page to notify quarantined users (B)

What occurs if Quarantine actions are configured at a user-defined threshold?

The quarantine actions occur when the defined threshold is reached (D)

What is the purpose of setting thresholds to 1 and 1 for immediate block?

To block traffic immediately after the first hit meets the filter criteria (D)

Where can you apply the newly created Quarantine action set?

Profiles > Shared Settings > Action Sets (B)

What should be selected for the flow control when creating a new Quarantine action set?

Quarantine (B)

In which table will a host appear if the Action Set is configured for Block + Quarantine and no threshold is set?

Quarantined Hosts table (D)

What is the optional configuration for quarantine in the TSE settings?

Automatic timeout (A)

Which type of traffic will the newly created Quarantine action set be used to test?

ICMP Echo Request (Ping) traffic (D)

What is the main purpose of setting IPS Quarantine filters?

To apply quarantine to specific IP addresses (A)

What happens if a threshold is not set and an Action Set is configured for Block + Quarantine?

A host will appear in the Quarantined Hosts table and a blocked stream will be generated. (A)