Moneyball Sdr Quiz - July 2014

10 Questions

Questions and Answers
  • 1. Traditional firewalls only detect network attacks and only inspect IP addresses?
    • A. True
    • B. False

  • 2. IPS (Intrusion Prevention Systems) only detect known signatures, have no understanding of the application, have high rates of false positives/negatives, have no user/session tracking and provide no protection of SSL, HTTP and/or HTTPS traffic?
    • A. True
    • B. False

  • 3. What is an attack technique in which the hacker sends database commands through a web application (form fields or URL parameters) to the backend database to retrieve DB data such as credit card numbers, as well as to modify or delete data?
    • A. XSS (Cross-Site Scripting)
    • B. SQLi (SQL Injection)
    • C. DDoS Attack
    • D. Brute Force Attack

  • 4. What is Dynamic Profiling?
    • A. Profiling feature that allows you to easily demonstrate an automatic, repeatable process for reviewing access rights, which is a requirement of regulations like SOX and PCI.
    • B. A tool that blocks automated hacking attempts from bots or hackers by updating the WAF in near real-time on current hacks, attacks, bots and malicious IP addresses
    • C. A technology feature that builds a “white list” of acceptable user behaviors by forming a baseline on activities across your applications and correlating those with threats and attack reputations to accurately block the bad users yet allow the good users through

  • 5. What is Virtual Patching?
    • A. Profiling feature that allows you to easily demonstrate an automatic, repeatable process for reviewing access rights, which is a requirement of regulations like SOX and PCI.
    • B. A tool that blocks automated hacking attempts from bots or hackers by updating the WAF in near real-time on current hacks, attacks, bots and malicious IP addresses
    • C. A technology feature that builds a “white list” of acceptable user behaviors by forming a baseline on activities across your applications and correlating those with threats and attack reputations to accurately block the bad users yet allow the good users through
    • D. A feature that integrates with a web scanner to patch vulnerabilities identified in web applications. Applying a patch significantly lessens the window of exposure to future or ongoing attacks

  • 6. What is Threat Radar?
    • A. Profiling feature that allows you to easily demonstrate an automatic, repeatable process for reviewing access rights, which is a requirement of regulations like SOX and PCI.
    • B. A tool that blocks automated hacking attempts from bots or hackers by updating the WAF in near real-time on current hacks, attacks, bots and malicious IP addresses
    • C. A technology feature that builds a “white list” of acceptable user behaviors by forming a baseline on activities across your applications and correlating those with threats and attack reputations to accurately block the bad users yet allow the good users through

  • 7. WAFs are deployed ________ Web servers to protect Web applications against hackers' attacks, to monitor access to Web applications, and to collect access logs for compliance/auditing and analytics (check the best answer).
    • A. Behind
    • B. In front of
    • C. In line with
    • D. Cloud only

  • 8. WAFs are typically deployed locally (on-premises) and cannot be deployed remotely (hosted, "cloud" or "as a service")?
    • A. True
    • B. False

  • 9. Select the best answer about Imperva's SecureSphere WAF scanning and patching capabilities:
    • A. We can Virtually Scan and Patch known vulnerabilities
    • B. We can scan only
    • C. We rely on partners (Whitehat, Rapid 7, Qualys) to patch while WAF does the scanning
    • D. We integrate with the leading vulnerability assessment scanners (Whitehat, Rapid 7, Qualys, Veracode) and patch these vulnerabilities once identified

  • 10. Firewalls, NGFWs & IPS solutions are important and much needed technologies for companies that want to detect attacks at the network and transport layers (layers 1-6). However, if companies are concerned about detecting and blocking advanced attacks at App Layer 7 such as Fraud, DDoS, SQLi, XSS, Form Field Tampering, Brute Force Login, Session Hijacking, Directory Traversal, Application Denial of Service, etc., they should engage in a discovery call with Imperva to discuss our approach to further protect company assets.
    • A. True
    • B. False