[Ended] Round 4 | Technical Document Scavenger Hunt
  

Sangfor Jojo Lv5 Posted 2024-Sep-30 10:53




Dear members,
We are excited to announce the launch of our Technical Document Scavenger Hunt! This activity aims to encourage all users to dive deeper into our newly published technical document in the Knowledge Base, enhancing your understanding and engagement with the material.

By participating, you'll not only sharpen your skills but also have the chance to collaborate and share insights with fellow users.

We hope this scavenger hunt will not only enrich your knowledge but also spark engaging discussions. Happy hunting, and may the best reader win!


1. Activity Rules

1)  All community users are invited to participate in the scavenger hunt.
2)  There will be a total of 4 questions related to the Sangfor Managed Cloud Services aDR Deployment Guide.
3)  Participants must submit their answers via the designated platform by October 7th.
4)  Winners will be announced next Tuesday on the community platform.


2. Activity Duration

Oct. 1st - Oct. 7th


3. How to Participate

1) Browse the Questions:
We have provided a list of questions based on the content of the document. Your goal is to find the answers within the text.

2) Read the Document:
Start by simply reading the catalog. Then read it through a second time with the given questions in mind, which will help you read more efficiently.

3) Use the Search Function:
Most digital documents have a search feature. Use keywords from the questions to quickly locate relevant sections.

4) Submit Your Answers:
Once you have your answers, post them in the designated thread by the deadline.

5) Collaborate:
Feel free to discuss your findings in the forum and win 100 coins. Sharing thoughts and interpretations can lead to a deeper understanding and may help others in their search.



4. Rewards

Correct Answers: 100 coins for each correct answer.

All Correct: An additional 100 coins for those who answer all questions correctly.


5. Scavenger Hunt Questions

Q1: Please list at least three actions that can be executed after the number of new connections exceeds the specified threshold.
Q2: In this version, users do not need to update the mapping between IP addresses and domain names manually, is it right or false?
Q3: Which two detection methods can be used to detect the "Unauthorized outbound access"?
Q4: What is the normal condition for the upgrade process?


Read this document:
SANGFOR_NSF_V8.0.95_Version Release Notes


6. How to Reply to This Post

Answer the above four questions using the following format, which will help us work efficiently.

Q1: xxxxx
Q2: xxxxx
Q3: xxxxx
Q4: xxxxx

--------------------------------------------------------------------------------------------------------------------------------------

7. Answers Announced
1. Giving alerts, discarding sessions, and blocking IP addresses can be executed
2. Right
3. immediate detection and scheduled detection.
4. at least 40% of the total CPU and memory are available, and the network is connected.

Congratulations to the following participants on getting coins!


vesogi7900 Lv3 Posted 2024-Sep-30 11:47
  
Q1: 1. Giving alerts to administrators.
2. Discarding sessions.
3. Blocking IP addresses.

Q2: That is right. In this version, users do not need to update the mapping between IP addresses and domain names manually, as DDNS policies can automatically handle this mapping.

Q3: Unauthorized outbound access can be detected using the following two methods:

1. Immediate detection.
2. Scheduled detection.

Q4: The normal condition for the upgrade process is that at least 40% of the total CPU and memory must be available, and the network must be connected.

Newbie676033 Lv1 Posted 2024-Sep-30 12:46
  
Q1) Please list at least three actions that can be executed after the number of new connections exceeds the specified threshold.

A) When the number of new connections exceeds the specified threshold, several actions can be executed, including:

Block the new connections: The system can block the incoming connections that exceed the predefined limit to prevent overload or malicious activities.
Send an alert or notification: The system can trigger an alert to the administrators, informing them of the abnormal activity so they can investigate and take necessary actions.
Rate-limiting: The system can implement rate-limiting to slow down the number of connections being established, reducing the likelihood of overwhelming the system.

Q2) In this version, users do not need to update the mapping between IP addresses and domain names manually, is it right or false?

A) It is true. In this version of the deployment, users do not need to manually update the mapping between IP addresses and domain names. The system can manage DNS records and IP mappings automatically, ensuring that services remain accessible without requiring manual intervention during failover or recovery processes.

Q3) Which two detection methods can be used to detect the "Unauthorized outbound access"?

A) Two detection methods that can be used to detect unauthorized outbound access are:

Signature-based detection: This method compares outgoing traffic against a database of known malicious traffic patterns and signatures to identify suspicious activity.
Anomaly-based detection: This method identifies deviations from normal network behavior by analyzing traffic patterns, flagging any unusual outbound connections that do not align with typical usage profiles.

Q4) What is the normal condition for the upgrade process?

A) The normal condition for the upgrade process is that network connectivity between the on-premises site and the Managed Cloud Services (MCS) must be bidirectionally reachable. Specifically, the management IP addresses of both the on-premises SCP and HCI, and the corresponding IP addresses in the MCS site, must be able to communicate with each other through ports like 443, 9093, and others necessary for data transmission. Additionally, the system components, including SCP, HCI, and SCC, must be compatible with each other, and the system must not be in maintenance mode during the upgrade.

Dwi Nur Lv2 Posted 2024-Sep-30 13:00
  
Q1: giving alerts, discarding sessions, and blocking IP addresses
Q2: right, using ddns policy
Q3: immediate detection and scheduled detection
Q4: The upgrade process may take about 20 minutes under normal conditions

Newbie517762 Lv5 Posted 2024-Sep-30 14:05
  
Q1: After the number of new connections exceeds the specified threshold, the following actions can typically be executed:
  • Block New Connections: Prevent any additional connections from being established until the situation is resolved.
  • Send Alerts: Notify administrators or relevant personnel about the threshold breach for immediate attention.
  • Log the Event: Record the incident in the system logs for future analysis and troubleshooting.


Q2: It is true that in this version, users do not need to update the mapping between IP addresses and domain names manually.

Q3: The two detection methods that can be used to detect "Unauthorized outbound access" are:

  • Traffic analysis.
  • Behavior analysis.


Q4: The normal condition for the upgrade process is that the system must be in a stable state without any ongoing critical issues or high loads.

Christ Lee Lv2 Posted 2024-Sep-30 15:31
  
Q1: Giving alerts, discarding sessions, & blocking IP addresses
Q2: Correct, users do not need to update the mapping between IP addresses & domain names manually.
Q3: Detection objects (multiple NICs, wireless NICs, & 4G/5G NICs) and Detection methods (immediate detection & scheduled detection)
Q4: at least 40% of the total CPU and memory are available and the network is connected

ND Lv3 Posted 2024-Sep-30 15:51
  
Q1: If the number of new connections exceeds the specified threshold, actions such as giving alerts, discarding sessions, and blocking IP addresses can be executed.
Q2: Right.
Q3: Unauthorized outbound access can be detected by scanning the NIC information and checking WLAN and WWAN services.
Q4: The upgrade process may take about 20 minutes under normal conditions (at least 40% of the total CPU and memory are available, and the network is connected).

pmateus Lv2 Posted 2024-Sep-30 16:11
  
Q1: Add a static route in the main router of the MCS SCP platform. Add a Tunnel Route for aDR customer in the VPN device of MCS. Implement Tunnel NAT feature to resolve subnet conflicts
Q2: False
Q3: By IP address and By Domain Name
Q4: The normal condition for the upgrade process is that the on-premises SCP version must be 6.10, and HCI must also be version 6.10 to support aDR between the MCS site and the on-premises site

Ghostlying Lv2 Posted 2024-Sep-30 17:22
  
Q1: giving alerts, discarding sessions, and blocking IP addresses
Q2: correct, users do not need to update the mapping between IP addresses and domain names manually.
Q3: Detection objects (multiple NICs, wireless NICs, and 4G/5G NICs) and Detection methods (immediate detection & scheduled detection)
Q4: at least 40% of the total CPU and memory are available, and the network is connected

CLELUQMAN Lv4 Posted 2024-Sep-30 17:22
  
Q1: If the number of new connections exceeds the specified threshold, actions such as giving alerts, discarding sessions, and blocking IP addresses can be executed.

Q2: RIGHT

Q3: detected by scanning the NIC information and checking WLAN and WWAN services.

Q4: The upgrade process may take about 20 minutes under normal conditions (at least 40% of the total CPU and memory are available, and the network is connected).