PrepAway - Latest Free Exam Questions & Answers

What are two reasons for this behavior?

Click the Exhibit button. — Exhibit — — Exhibit — You are using AppDoS to protect your
network against a bot attack, but noticed an approved application has falsely triggered the
configured IDP action of drop. You adjusted your AppDoS configuration as shown in the
exhibit. However, the approved traffic is still dropped. What are two reasons for this
behavior? (Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
The approved traffic results in 50,000 HTTP GET requests per minute.

B.
The IDP action is still in effect due to the timeout configuration.

C.
The approved traffic results in 25 HTTP GET requests within 10 seconds from a single
host.

D.
The active IDP policy has not been defined in the security configuration.

6 Comments on “What are two reasons for this behavior?

  1. Mike says:

    The correct answers are B and D.

    For A -> where in the config is the mentioned 50 000 ?

    For C -> it is incorrect, as the config talks about 10 connections within 25 seconds.




    0



    0
  2. fe says:

    AJSEC book part 1 chapter 2 page 50
    1- HTTP service is monitored
    2- once the connection rate threshold exceeds 1000 connections per second , stage 2 (protocol profiling) is emplotyed
    3- hit-rate-threshold >> for heavy hitters
    value-hit-rate-threshold >> for random hitters (answer A)
    4- a single host needs to request the http-get-url context 10 times in a 25 second period to be classified as a malicious bot client. (so answer C is wrong)




    0



    0

Leave a Reply