What are the two (2) components required for the NetScreen Deep Inspection implementation?
A.
Policy Statements
B.
Signature database
C.
IDP Action Statement
D.
Service Book Group Entries
E.
Address Book Group Entries
Explanation:
Deep Inspection (DI) is a mechanism for filtering the traffic permitted by the NetScreen firewall. Deep Inspection examines Layer 3 and 4 packet headers and Layer 7 application content and protocol characteristics in an effort to detect and prevent any attacks or anomalous behavior that might be present.
When the NetScreen device receives the first packet of a session, it inspects the source and destination IP
addresses in the IP packet header (Layer 3 inspection) and the source and destination port numbers and protocol in the TCP segment or UDP datagram header (Layer 4 inspection). If the Layer 3 and 4 components match the criteria specified in a policy, the NetScreen device then performs the specified action on the packet-permit, deny, or tunnel2. When the NetScreen device receives a packet for an established session, it compares it with the state information maintained in the session table to determine if it indeed belongs to the session.
If you have enabled Deep Inspection in the policy that applies to this packet and the policy action is "permit" or
"tunnel", then the NetScreen device further inspects it and its associated data stream for attacks. It scans the packet for patterns that match those defined in one or more groups of attack objects. Attack objects can be attack signatures or protocol anomalies, which you can either define yourself or download to the NetScreen device from an attack object database server.