FORTINET TRAINING - FORTINET NSE2 (EVOLUTION OF CYBERSECURITY)
SOAR
In this lesson, you will learn what SOAR is and how it benefits network security. In networks where
complexity and manual tasks delay responses to cyber-attacks, SOAR automates an orchestrated
response, ensuring timely neutralization of an attack or breach and relieving teams that suffer
from a skills shortage.
1. What does the acronym SOAR stand for?
* Security, Orchestration, Automation, & Response
2. Identify a benefit of SOAR.
* Increases your security team’s efficiency by automating repetitive manual processes.
3. What is alert fatigue?
* When an analyst is overwhelmed from the number of alerts coming in.
4. What are playbooks used for?
* To automate actions an analyst typically would have to complete manually.
5. Why is SOAR used?
* To synchronize tools, accelerate response times, reduce alert fatigue, and compensate for the skill shortage gap
6. From the choices below, what is the best description of S.O.A.R?
* Connects all tools in your security stack together into defined workflows that can be run automatically.
Cloud Security
In this lesson, we explore the mysterious "cloud", what it really is, how it came to be, and some of the
security issues that we encounter there.
1. What was the technology that made cloud computing possible?
* Virtualization
2. When a customer’s data and services are moved to the cloud, who is ultimately responsible for the
security of the data?
* The customer
3. What is cloud computing?
* The practice of using a network of remote servers hosted on the Internet to store, manage, and
process data.
4. Which three cloud service vendors does the Fortinet Security Fabric integrate with? (Choose three.)
* AWS
* Google Cloud
* Azure
5. Basic cloud security can be achieved by implementing native cloud security tools.
What problem might occur if customers rely solely on these tools?
* The tools may have limitations customers are not aware of.
6. What drove organizations to move from the traditional network architecture to the cloud?
* The cloud allows for potential cost savings, and moves costs from capital to operational budgets.
7. What is SaaS?
* A virtualized application environment in the cloud
SD-WAN
In this lesson, we'll take a look at how organizations with multiple locations have traditionally connected
their networks together, and how the internet and other advances allow them to save money and be
much more flexible.
1. In which two ways does FortiGate solve security issues with SD-WAN? (Choose two.)
* Includes application control, URL filtering, IPS
* Integrates with FortiSandbox and provides SSL inspection
2. Which Fortinet product provides both SD-WAN and NGFW security?
* FortiGate
3. What are two advantages of having integrated security and SD-WAN in a single appliance? (Choose
two.)
* Provides secure direct Internet access
* Provides application control for encrypted traffic
4. What are two attributes of an SD-WAN network? (Choose two.)
* Simplifies with zero-touch provisioning and centralized control
* Augments MPLS with affordable broadband connections
5. What are three major weaknesses of the traditional network that SD-WAN solves? (Choose three.)
* Provides direct internet access to SaaS applications
* Reduces application latency
6. What are two major weaknesses of SD-WAN? (Choose two.)
* No inherent defense against advanced threats
* Encrypting data conceals viruses that can bypass an antivirus check
7. Which two statements about SD-WAN are true? (Choose two.)
* Traffic control is a significant feature of SD-WAN.
* SD-WAN can provide application visibility.
Endpoint
In this lesson, you will learn about how the rise of personal computers led to an explosion in the
quantity of malware attacks and how endpoint software solutions were created to protect users from
those attacks. Over time, the scope of endpoint solutions has expanded to include much more than just
anti-virus.
1. Why is the security of endpoint devices important? (Choose two.)
* Endpoints can be a way to access other important data and devices on the network
* Endpoints hold valuable data
2. What must modern endpoint solutions do to be effective today?
* Go beyond simple signature comparisons
3. Which device is not considered an endpoint device?
* Ethernet switch
4. Which method did early antivirus products use to detect malware?
* They compared the signature of the file with a list of known virus signatures.
5. In addition to existing, known threats, what other types of threats must modern endpoint solutions
detect?
* Unknown threats
6. What were early endpoint security products known as?
* Antivirus software
7. How did the rise of the Internet affect the rate at which new malware variants appear?
* The rate increased tremendously
Threat Intelligence Services
In this lesson, you will learn how security vendors collect threat information from various sources and
provide access to that collected knowledge to detect not only malware, but all sorts of bad behaviors.
1. Which are three functions of sandboxing? (Choose three.)
* Sandboxes can send the details to the vendor’s threat intelligence service so that the details can be
shared worldwide.
* Sandboxing products take a suspect file and place it in an environment where its behaviors can be
closely analyzed.
* Depending on the configuration, the owner of the sandbox can propagate this new knowledge across
their network security environment.
2. The threat intelligence service catalogs data about existing or emerging attacks, including the specific
mechanisms of the attack, and evidence that the attack has happened.
What is this data also known as?
* Indicators of compromise
3. In the early days of threat intelligence service, in which three timeframes were vendor updates
released? (Choose three.)
* Once a year
* Quarterly
* Monthly
4. What happens when each known malware file is represented by a one-to-one signature approach?
* It does not scale well, because the number of malware files increases by millions or more each day.
5. Which statement about cyber-attacks is true?
* Security products and threat intelligence services that can act together in real time stand the best
chance of stopping these attacks.
6. What happened when malware became more sophisticated and able to change its own file content?
* A single type of malware became an entire malware family, consisting of perhaps thousands of
different files, but each file performing the same bad behaviors.
Firewall
In this lesson, you will learn how firewalls were created to solve early network security problems and
how, as those problems changed, firewall technology has adapted to keep networks protected.
1. In network security, what is the purpose of a firewall?
* To control the flow of network traffic
2. What three key additional security features do next-generation firewalls provide that legacy firewalls
do not? (Choose three.)
* Application visibility and control
* Intrusion prevention system (IPS)
* Web application firewall
3. What works closely with FortiGate next-generation firewall products to provide the highest level of
network security?
* FortiGuard Labs
4. What did early packet filter firewalls do when they detected a packet that did not comply with their
rules? (Choose two.)
* Silently dropped the packet
* Blocked the packet and sent a message to the sender
5. What is Fortinet’s range of next-generation firewall devices called?
* FortiGate
6. With the explosion of the World Wide Web, the composition of network protocols skewed heavily
towards HTTP. What challenge did this shift pose to legacy firewalls?
* Different web applications used the same HTTP port number, making it difficult for firewalls to
distinguish between applications.
7. What additional functionality did second generation firewalls provide that early packet filter firewalls
did not?
* They observed network connections over time and continuously examined conversations between
endpoints.
Network Access Control
In this lesson, you will learn about technologies that identify what's on your network in order to control
which devices can connect and which devices are blocked.
1. Which three statements are advantages of implementing a FortiNAC solution? (Choose three.)
* FortiNAC can profile headless devices that are not equipped with an agent.
* The FortiNAC solution has complete visibility into the network.
* FortiNAC is integrated into the security framework.
2. Which two network security concerns have grown dramatically for businesses in recent years?
(Choose two.)
* IoT devices connecting to a network
* Need for overall network visibility
3. What is one shortcoming of NAC solutions?
* Some NAC solutions underperform in wired environments, creating a security vulnerability.
4. What are the three key activities performed by NAC? (Choose three.)
* Discover all devices on the network
* Profile all devices to identify what access they should have
* Provide appropriate network access to devices
5. What is one characteristic of headless devices?
* Devices that cannot take a third-party security agent
6. What two security challenges do IoT devices present to IT security professionals? (Choose two.)
* They can be exploited by bad actors.
* They often do not support security programs.
7. When NAC is first deployed, what is one of the first tasks it performs?
* Profiles all connected devices
Source for this module (but it's limited unless you pay, hahaha):
https://www.scribd.com/document/448873307/NS2-Module-6-pdf
==============================================
Sandbox
In this lesson, you will learn about a security technology that can detect threats that have never been
detected before.
1. How does sandbox solve the problem of aggregating threat intelligence data?
* By sharing valuable threat intelligence to the security devices on its network
2. Which two problems was network security experiencing before the introduction of a sandbox
solution? (Choose two.)
* Network security was unable to handle a coordinated attack using different threat vectors and
methods.
* Security devices did not communicate with other security devices on the network.
3. For which two reasons was the sandbox solution added to network security? (Choose two.)
* Firewalls and AVs were helpless against unknown threats.
* Unknown threats needed to be quarantined.
4. What is the purpose of the sandbox?
* To observe the activity of unknown code in a quarantined environment
5. What are two characteristics of a sandbox? (Choose two.)
* If something unexpected or malicious happens, it affects only the sandbox.
* A sandbox confines the actions of code to the sandbox device, in isolation from the rest of the
network.
6. Which two business problems is FortiSandbox trying to solve? (Choose two.)
* The potential to exploit OS or application weaknesses with malignant code
* The choice of performance over security by businesses
7. What is a zero-day attack?
* Exploiting an unknown deficiency in code.
Secure Email Gateway
In this lesson, you will learn how email can be used for malicious purposes, and the security
technologies that can distinguish friend from foe.
1. What are spam filters?
* Filters that identify specific words or patterns in email messages in order to validate the content of
those messages
2. What are two benefits of FortiMail integration? (Choose two.)
* FortiMail can be integrated with segmentation firewalls
* FortiMail can be integrated with edge firewalls.
3. What is phishing?
* The practice of tricking unsuspecting people into revealing sensitive information or handing over
money
4. What are three benefits of FortiMail? (Choose three.)
* FortiMail identifies spam and phishing emails.
* FortiMail filters outgoing traffic to protect valuable data.
* FortiMail integrates with FortiSandbox to identify advanced threats.
5. Which feature can be added to secure email gateway?
* Data leak prevention (DLP)
6. For which two reasons do you need to deploy Sender Policy Framework (SPF)? (Choose two.)
* SPF is an email authentication method that detects fake sender addresses and emails.
* SPF secures the network by strengthening the authentication method.
7. What are two characteristics of FortiMail? (Choose two.)
* FortiMail integrates with firewalls and sandboxing solutions.
* FortiMail is a secure email gateway (SEG).
Security Information & Event Management
In this lesson, you will learn about how knowledge gained from network devices and services can be
used to both detect bad behaviors as they happen, and also provide rich historical data to show what
happened in the past.
1. Which two requirements led to the development of SIEM? (Choose two.)
* To contend with the flood of alerts issued from IPSs and IDSs
* To measure and prove compliance with various legislation
2. How did SIEM evolve?
* From an information platform to a fully integrated and automated center for security and network
operations
3. Which three tasks must technology perform to satisfy network security compliance requirements?
(Choose three.)
* Store log data for a length of time that satisfies auditing requirements
* Aggregate logs from many network sources
* Monitor, correlate, and notify events in real time
4. Which three regulatory standards and acts must businesses, hospitals, and other organizations
comply with? (Choose three.)
* HIPAA
* GDPR
* PCI
5. What does the term SIEM stand for?
* Security Information and Event Manager
6. Which three problems does SIEM solve? (Choose three.)
* More sophisticated and stealthy cyber attacks
* The complexity of technology and the difficulty with identifying attacks
* The long delay in discovering security breaches by security teams
Web Application Firewall
In this lesson, you will learn about the security technologies specifically designed to protect web
services.
1. In which two ways does machine learning help make modern web application firewalls more
effective? (Choose two.)
* It allows them to perform behavior analysis at machine speed.
* It allows them to adapt to the ever-changing attributes of threats.
2. When considering web application firewalls, what two factors make a signature-based approach to
defense obsolete? (Choose two.)
* Signature-based detection is not effective against zero-day exploits.
* Signature-based detection, when used alone, can generate many false positives.
3. What does a web application firewall do?
* It monitors and blocks malicious HTTP/HTTPS traffic to and from a web application.
4. What do web application firewalls do that traditional edge firewalls do not?
* Block SQL injection attacks
5. Which was the predecessor to a web application firewall?
* Application firewall
6. Which two products can be integrated with FortiWeb? (Choose two.)
* FortiGate
* FortiSandbox
7. Which statement about integrating FortiGuard Labs with FortiWeb is true?
* FortiGuard Labs provides vital updates to FortiWeb about new threats.
Web Filter
In this lesson, you will learn about security technologies that can, based on policies, recognize the type
of content served up by a website, and then determine whether or not it can be accessed by network
clients.
1. What are two things that a web filter does? (Choose two.)
* It examines incoming web pages to determine if any of the content should be blocked.
* It makes decisions based on rules set in place by the company.
2. Web filters can provide a safe browsing experience by blocking which three threats? (Choose three.)
* Spyware
* Viruses
* Adware
3. Which method do web filters typically use to block web sites?
* They consult a URL database of websites and domains that are known to be harmful.
4. Web filters use rules to determine which web sites are blocked. Who or what sets the rules in place?
* The company or individual installing the application
5. What are two reasons our customers need web filters? (Choose two.)
* To prevent users from accessing objectionable content
* To prevent users from accessing websites containing malware
6. Which three products has Fortinet integrated web filters into? (Choose three.)
* FortiGate
* FortiClient
* FortiAP
Wi-Fi
In this lesson, you will learn about the technology that connects devices wirelessly, and the security
issues it raises.
1. What does WPA stand for?
* Wi-Fi protected access
2. The current best level of security provided for Wi-Fi networks is WPA3. Which other Wi-Fi security
protocol is also commonly recommended?
* WPA2
3. Why is wireless security necessary?
* To prevent eavesdropping by bad actors
4. When the Ethernet switch was introduced, what major benefit did it bring to networks?
* It reduced the number of transmission collisions that occur on a wired network.
5. In what year did the rise of the first wireless local area network occur?
* 1988
6. Which standard is Wi-Fi based on?
* IEEE 802.11