mitigation capacity?
Select one:
a. None of the above
b. APS 2600
c. vAPS
d. APS 2800
When an administrator removes a temporarily blocked host from the list on View Protection Group page:
that host is removed from the temporarily blocked list
Select one:
a. and added to the permanent blacklist
Select one:
a. Syslog, Email: HTTP
The Web Traffic by Domain section on the View Protection Group page displays the
Select one:
a. blocked traffic for Web servers
Select one:
a. Filter and drop all traffic unnecessary to a Protection Group
b. Use only the default Protection Group and set to the High Protection Level
c. Allow all the traffic destined to a Protection Group to pass through Arbor APS
d. Use only the High Protection Level with all mitigations enabled
Which of the following statements best describes the Block Malformed DNS Traffic category?
Select one:
a. It blocks any DNS messages (valid or invalid) that are sent to invalid ports
b. It blocks only invalid or blank DNS messages that are sent faster than a certain rate per second
c. It blocks DNS messages that produce NXDomain error responses from the DNS server
d. It blocks any invalid or blank DNS messages that are sent to port 53 J
The traffic that is inspected by the TCP Connection Reset settings is (Choose all Correct answers)
c. monitored to identify and block sources that are connected but do not maintain a minimum level of
activity
d. set to a lower Quality Of Service (QoS) level before being forwarded to the server
Only C
Select one:
a. Use telnet because it is very easy to use
Select one:
a. search the System Events for hardware device alerts
The defining characteristic of the hosts that the Application Misbehavior settings block is
Select one:
a. not enough data sent to the server in the past minute
Which of the following is the most appropriate time to set the global protection level to medium?
Select one:
a. When highest level of protection is required with no consideration for blocking legitimate traffic
b. When under significant attack and stricter protection settings are needed. Unusual good traffic may
be dropped.
c. During non-attack time periods for everyday use.
d. When legitimate traffic cannot be blocked.
How does the TCP SYN Flood Detection category aggregate packet rates?
Select one:
a. By source IP
b. By source subset
c. By country
d. By TCP port
To ensure Cloud Signaling communications, which ports must be able to pass traffic through any firewalls
between Arbor APS and the Cloud Signaling Server?
Select one:
a. 443 and 20007 X
b. 443
Answer: D
Which protocol and port are used to download updates from the ATLAS Intelligence Feed (AIF) server?
Select one:
a. SSH (port 22)
b. Cloud Signaling (port 7750)
c. Telnet (port 23)
Select one:
a. They can be updated dynamically by the protection settings and manually by users
b. They are only updated manually by users
c. They are only updated dynamically as a result of the protection settings
d. They are added manually and removed dynamically
Answer: C
What UDP port must be open for Cloud Signaling to function?
Select one:
a. 443
b. 7550
c. 80
d. 8080
The DNS Rate Limiting settings restrict traffic to a specific number of requests per
Select one:
a. 1 second
b. 30 seconds
c. 1 minute
d. 5 minutes
Select one:
a. A rate setting must be configured with a numeric value (i.e. max values)
b. An attack that happened during a profile capture will not impact data accuracy
c. A protection must be enabled to populate the profile data for that protection
d. Inaccurate profiled data may result from changing the protection level during capture
Answer: A
Select one:
a. block only malformed TLS requests
Select one:
a. prevent all attacks
Select one:
a. transit providers networks.
Select one:
a. Quick Start Card
b. License Card
Select one:
a. It blocks all ICMP packets of the protection group
c. It temporarily blocks sources that exceed the configured rate limit for ICMP packets "I
d. It temporarily blocks destinations that receive more ICMP packets than the configured
threshold
True or False: Outbound threat filtering allows you to apply outbound Server Types to any Protection
Group.
Select one:
True
False
FALSE
Select one:
a. It is possible to define maximum thresholds for alert triggering for each baseline type globally
c. It is possible to define minimum thresholds for alert triggering for each baseline type globally
d. You can not disable alert types per protection group
Select one:
a. 10 - 20 Gbps
b. 1 - 2 Gbps
c. 10 - 40 Gbps
Until DNS authentication validates the source of DNS requests, Arbor APS
Select one:
a. blocks the traffic and adds the source to the permanent blacklist
Select one:
a. permanent blacklists
b. permanent whitelists
c. attack signatures
d. protection group prefixes
Answer: A
Select one:
a. A scrolling marquee in the administrative Web interface.
Select one:
a. on the Configure User Accounts page in the GUI
How does the HSM handle encrypted traffic for which it does not have a certificate to decrypt?
Select one:
a. The traffic is passed encrypted
Arbor APS provides alerting based on violation of traffic baselines. Which of the following is NOT a
baseline calculated by APS?
Select one:
a. Non-blocked invalid packets .1
b. Total traffic
c. Botnet traffic
d. Blocked traffic
Select one:
a. They usually have high packet counts
What is displayed when viewing encrypted traffic on the Packet capture page of the UI?
Select one:
a. Only packets that are passed are displayed in English
c. Only encrypted traffic is displayed, however the drop reason (in English) is shown if the packet
was dropped
Select one:
a. passed
c. redirected
d. blocked
The IP Location section on the View Protection Group page displays the
Select one:
a. top IPs for the protection group
b. blocked traffic for the protection group
c. prefix for the protection group
d. countries with the most traffic for the protection group
Select one:
a. View Protection Group page NI (
When an administrator blocks a country in the IP Location section for a DNS Server protection group,
Select one:
a. traffic from protected DNS infrastructure to recursive DNS servers located in this country is
blocked
d. all DNS queries from this country are replied with NXDomain message
True or False: Arbor APS's out-of-the-box configuration provides an IPv6 Default Protection Group.
Select one:
True X
False
FALSE
Before upgrading the Arbor APS package, the administrator must first
Select one:
a. uninstall the ArbOS package
On any page in the system, clicking the Create a PDF icon on the Arbor Smart Bar results in
Select one:
a. a new report being available for download from the Reports page
Which of the following pages displays the total traffic, passed traffic, blocked traffic, and number of blocked
hosts for a protection group?
Select one:
a. View Protection Group page Ne•
Select one:
a. clicking the Details button in the Attack Categories section
Answer: A
Which of the following mitigations applies to both IPv4 and IPv6 traffic?
Select one:
a. TCP Connection Reset
Select one:
a. be configured to accept traffic from the external mitigation port IP
What should an administrator consider when changing the global protection level?
Select one:
a. The higher the protection level, the more legitimate traffic might be blocked •
c. Protection levels have an impact only when the deployment is in monitor mode
d. Prevention of an ongoing attack is never changed if the protection level is lowered
Packets from whitelisted hosts are
Select one:
a. passed only after being inspected by all of the other protection categories
b. passed immediately without further inspection
c. dropped without further in
d. passed to the Filter List for further inspection
Which of the following protection settings best protects against an HTTP attack that has no User-Agent
field in the HTTP header?
Select one:
In the Configure General Settings page, which setting is valid for restrictive data retention?
Select one:
a. 20 days
b. 5 minutes
c. 10 hours
d. 40 years
Which of the following system resources does NOT appear on the Summary page?
Select one:
a. CPU Utilization
b. Memory Utilization
c. Disk Utilization ve
d. Interface Utilization
Which of the following statements best describes the Cloud Signaling handshake protocol?
Select one:
a. Arbor APS always initiates a connection to the Cloud Signaling Server on TCP port 443 using SSL
b. Both the Cloud Signaling Server and Arbor APS initiate connections to each other on TCP port
443 using SSL X
c. Both the Cloud Signaling Server and Arbor APS initiate UDP connections on port 20007
d. The Cloud Signaling Server always initiates a connection to Arbor APS on TCP port 443 using
SSL
Answer: A
In a Protection Group for which the ATLAS Intelligence Feed (AIF) Botnet Signature settings are
enabled for each Protection Level, what action must be performed to ensure that every botnet signature
is applied to all traffic destined for that Protection Group?
Select one:
a. Enable the Basic Botnet Prevention setting in that protection group
Answer: A
Select one:
a. TCP handshake and TCP heartbeats and signaling
b. TCP handshake and UDP heartbeats and signaling .4(
Select one:
a. Set the global protection level to high
b. Select and block URLs in the Web Traffic By URL section of the View Protection Group page
c. Block Iran in the IP Location section of the View Protection Group page
d. Initiate a Cloud Signaling request for mitigation X
Answer: C
When you restore protection settings for a standard server type to their default values
Select one:
a. the settings of any related custom server types that used this standard server type as its base
server type are not affected
b. the settings of any related custom server types that used this standard server type as its base
server type are set to match the settings of another generic server type
c. the settings of any related custom server types that used this standard server type as its base
server type are set to match the settings of another custom server type
d. the settings of any related custom server types that used this standard server type as its base
server type are returned to their default settings
Answer: A
Which CLI command is used to show Arbor APS's current bypass status?
Select one:
a. services aps bypass show
Select one:
a. The source host is added to the Temporarily Blocked Hosts list
Answer: A
Select one:
a. 443 (HTTPS)
b. 22 (SSH)
c. 25 (SMTP)
d. 80 (HTTP)
Answer: B
What are the attack mitigation capabilities of the APS 2600?
Select one:
a. 10 - 20 Gbps
b. 1 - 2 Gbps
c. 10 - 40 Gbps
Answer: D
Which of the following services can the TCP SYN Flood Detection settings protect?
Select one:
a. TFTP
b. LWAPP
c. NTP
d. HTTP
Select one:
a. A record of all of the destination hosts that have been blocked, including the temporarily blocked
destinations
b. A record of all of the source hosts that have been blocked, excluding the temporarily blocked
sources
c. A record of all of the source and destination hosts that have been blocked, including the
temporarily blocked hosts X
d. A record of all of the source hosts that have been blocked, including the temporarily blocked
sources
Answer: D
Select one:
a. Use Radius/Tacacs authentication. Use NTP to ensure all devices have their time synchronized.
Restrict the use of 0.0.0.0/0 when defining access lists .1
b. Leave the default password configured for the Admin account
c. Don't generate backups but, if they are required, be sure to store them locally on the
appliance
d. Do not use Radius/Tacacs authentication and NTP. Use 0.0.0.0/0 when creating
access lists
Select the value proposition(s) for the Virtual APS (vAPS) product.
Select one:
a. Via Cloud Signaling it can be fully integrated with in-cloud DDoS protection (e.g., Arbor Cloud) for
comprehensive DDoS protection
Select one:
a. Monitor
b. Active X
c. Passive
d. Inactive
Answer: A
The primary reason that Arbor APS uses UDP for its heartbeats is so that it can
Select one:
a. signal upstream during a volumetric attack
Select one:
a. only the default protection group
b. all of the protection groups except those that have their own protection level configured
Which of the following documentation contains the instructions for upgrading the Arbor APS software?
Select one:
a. Deployment Guide
b. Quick Start Card
c. License Email
d. User Guide Nt
If the administrator forgets the administrative password to Arbor APS,
Select one:
a. The appliance must be physically returned to Arbor Networks
Answer: C
Select one:
a. a way to distinguish HTTP requests from each other
Blacklist and Whitelist are synced using handshake communications when? (select all correct answers)
Answer: B
Select one:
a. HTTP requests per second
b. Packets per second
c. Bits per second
Select one:
Answer: D
Select one:
a. Via the CLI
When a source host is automatically blocked by an inbound mitigation, traffic to that same source in the
outbound direction:
Select one:
a. Is blocked only if the outbound threat filter determines it should be blocked
c. Is automatically blocked X
d. Is never blocked
Answer: A or D
Which of the following is a valid location in the GUI for blocking and unblocking traffic coming from one or
more countries?
Select one:
Answer: C
Which resource of a network or host does a TCP SYN flood attack attempt to exhaust?
Select one:
a. ARP Table
b. Partitioning table
c. Connections table
d. Routing Table
What is the correct workflow (order of tasks) to set or optimize rate-based countermeasure settings using
Profile Capture?
Select one:
a. 1. Fine Tune Protection Settings, 2. Analyze Profile Data, 3. Capture Profile Data
b. 1. Analyze Profile Data, 2. Capture Profile Data, 3. Fine Tune Protection Settings
c. 1. Capture Profile Data, 2. Analyze Profile Data, 3. Fine Tune Protection Settings
Answer: C
Which section of the View Protection Group page can be used to block traffic from a specific country?
Select one:
a. Top Protocols
b. Top Services
c. Temporarily Blocked Sources
d. IP Location ...I
Select one:
a. customizable via the command line during installation
c. changed for all traffic graphs at the top of the View Protection Group page
d. changed for each traffic graph independently above the relevant graph X
Answer: C
The DNS Regular Expression settings are most appropriate for blocking
Select one:
a. a specific HTTP request
Answer: D
What statement is true when you blacklist or whitelist from within a page that contains protection group-level information?
Select one:
a. If you select all protection groups, it only applies to all protection groups of the same server
type
b. It can only apply to the specific protection group you are examining
If the GUI is not accessible, which CLI command can an administrator use to check the status of the Arbor
APS hard drives?
Select one:
a. service aps alerts show
Select one:
a. RSA PEM-encoded
b. PKCS7
c. PKCS12
d. DER
True or False: A unique username and password needs to be specified for each Cloud Signaling Server
that is added in Arbor APS's UI?
Select one:
True
False
FALSE
Arbor APS attempts to match administrator-specified HTTP regular expressions to traffic when
Select one:
Answer: D
Select one:
a. KVM, VMware Hypervisor
Select one:
a. View Protection Group page
Answer: A
Which of the following is NOT supported by Arbor APS for IPv6 traffic?
Select one:
a. Host Filtering on the Block Hosts Page
b. Inbound Black/Whitelisting
c. Outbound Black/Whitelisting
d. Packet capture processing
If a valid and trusted Partner site was reported as having connectivity problems, an Administrator can
Select one:
a. Enable AIF Botnet Protection
b. Add a payload regular expression for the Partners address on the Configure Protection Group
page
Select one:
a. / services aps show
c. / system hardware
d. / system aps show
Answer: A
What is not a Best Practice in configuring Arbor APS when protecting a Data Center?
Select one:
a. Configure Filter Lists to drop UDP traffic to all Protection Groups
b. While in Inactive Mode change protection levels to see if you see blocked hosts that you may want
to Whitelist in advance
c. Allow Internal traffic
d. Configure Filter Lists to drop unnecessary traffic into a Protection Group
Answer: A
Which of the following can NOT be configured for Threshold based alerting?
Select one:
a. Blocked Traffic Threshold
b. Whitelisted Traffic Threshold
c. Total Traffic Threshold
d. Botnet Traffic Threshold
Answer: B
Which of the following does Arbor APS use to identify reputation-based threats?
Select one:
a. Pre-defined payload signatures that are delivered with the software package
Answer: C
To enable DNS NXDomain protection, the administrator must configure a threshold to limit
the number of DNS requests that fail due to
Select one:
a. an invalid header
d. an unknown domain
Answer: C
Answer: C
What CLI command is used to verify the versions of the AIF Feed components?
Select one:
Answer: B