ICSC Imperva Cloud Security Practice Exam, Exams of Technology

Assesses expertise in implementing Imperva cloud security solutions. Covers cloud-native security controls, monitoring, threat detection, compliance, and incident response. Candidates demonstrate ability to secure cloud environments.

Typology: Exams

2025/2026

Available from 12/05/2025

shilpi-jain-1
ICSC Imperva Cloud Security Practice Exam
**Question 1.** Which component of the Imperva network is responsible for
terminating TLS connections from client browsers?
A) Origin Server
B) PoP Edge Node
C) Global Load Balancer
D) Management Console
**Answer:** B
**Explanation:** The PoP (Point-of-Presence) Edge Node terminates TLS
connections, decrypts traffic for inspection, and then re-encrypts when
forwarding to the origin.
**Question 2.** In the Incapsula PoP architecture, which element stores cached
static assets for fast delivery?
A) Security Engine
B) Cache Store
C) Traffic Analyzer
D) API Gateway
**Answer:** B
**Explanation:** The Cache Store within each PoP holds static content (images,
JS, CSS) to serve subsequent requests directly from the edge.
**Question 3.** When routing traffic through Imperva, which layer performs the
initial request classification?
A) Layer 7 (Application)
B) Layer 4 (Transport)
C) Layer 3 (Network)
D) Layer 2 (Data Link)
**Answer:** A
**Explanation:** Imperva inspects HTTP/HTTPS traffic at Layer 7 to determine request type, client classification, and applicable security policies.
**Question 4.** Which deployment model allows an organization to protect workloads hosted in its own data center while leveraging Imperva’s cloud services?
A) Public Cloud only
B) Private Cloud only
C) Hybrid Cloud
D) On-premises only
**Answer:** C
**Explanation:** A hybrid deployment combines on-premises resources with Imperva’s cloud-based security and CDN services.
**Question 5.** Which of the following cloud providers offers a native integration point for Imperva’s WAF via a marketplace offering?
A) AWS Marketplace
B) Azure DevOps

**Answer:** B
**Explanation:** Administrators can manage sites and security settings but lack the privileged rights to change account-level billing details.
**Question 8.** Which Imperva feature provides real-time status of service incidents and scheduled maintenance?
A) ThreatRadar Dashboard
B) Status Page
C) Policy Engine Log
D) CDN Health Monitor
**Answer:** B
**Explanation:** The Status Page displays current incidents, maintenance windows, and allows users to subscribe for updates.
**Question 9.** During the WAF onboarding process, which DNS record type must be changed to point a naked domain (example.com) to Imperva?
A) MX record
B) TXT record
C) A record
D) SRV record
**Answer:** C
**Explanation:** An A record maps the naked domain directly to Imperva’s IP address, enabling traffic to flow through the WAF.

**Question 10.** Which SSL/TLS option allows customers to upload their own certificates to Imperva while retaining end-to-end encryption?
A) Imperva Managed Certificate
B) Let’s Encrypt Auto-Renewal
C) Custom Certificate Management
D) Self-Signed Certificate Only
**Answer:** C
**Explanation:** Custom Certificate Management lets customers provide their own certificates, which Imperva presents to clients and re-encrypts to the origin.
**Question 11.** What is the primary purpose of the Domain Redirection feature in Imperva?
A) To redirect HTTP to HTTPS automatically
B) To forward traffic from a non-protected domain to a protected one
C) To change DNS TTL values dynamically
D) To enable load balancing across multiple origins
**Answer:** B
**Explanation:** Domain Redirection ensures that requests to an unprotected domain are automatically sent to the protected domain, maintaining security coverage.

B) A1 – Injection
C) A3 – Sensitive Data Exposure
D) A7 – Cross-Site Scripting (XSS)
**Answer:** B
**Explanation:** SQLi is a classic example of the “Injection” category (A1) and is blocked by Imperva’s SQLi signatures.
**Question 15.** When analyzing a traffic log, which field indicates that a request was blocked by the Bot Mitigation layer?
A) action=allow
B) rule_id=bot-challenge
C) policy=web-application-firewall
D) status=
**Answer:** B
**Explanation:** The rule_id “bot-challenge” (or similar) denotes that the Bot Mitigation engine intervened and challenged the request.
**Question 16.** Which security layer in Imperva is responsible for enforcing Geo-IP based allow/deny rules?
A) Access Control
B) Bot Mitigation
C) ThreatRadar
D) Signature Policy
**Answer:** A
**Explanation:** Access Control policies include Geo-IP filters that permit or block traffic from specific countries or regions.
**Question 17.** A site needs protection against malicious JavaScript payloads. Which WAF feature should be enabled?
A) Rate Limiting
B) XSS Protection Signature
C) HTTP/2 Push
D) Bot Fingerprinting
**Answer:** B
**Explanation:** XSS signatures detect and block malicious scripts injected into web pages.
**Question 18.** Which Imperva component allows administrators to create custom logic that evaluates request attributes before applying actions?
A) Policy Engine
B) ThreatRadar
C) CDN Optimizer
D) DDoS Shield
**Answer:** A

**Question 21.** What is a common symptom of profiling anomalies that indicates a mis-tuned WAF rule?
A) Excessive cache hits
B) High false-positive rate for legitimate traffic
C) Decreased DNS query latency
D) Increased SSL handshake failures
**Answer:** B
**Explanation:** Mis-tuned rules often generate many false positives, flagging legitimate user requests as malicious.
**Question 22.** Which correlation policy would you configure to trigger an alert when more than 10 failed login attempts occur from the same IP within 5 minutes?
A) Rate-limit Policy
B) Brute-Force Detection Policy
C) Geo-IP Block Policy
D) Bot Challenge Policy
**Answer:** B
**Explanation:** A Brute-Force Detection correlation policy monitors repeated failed authentication attempts and raises alerts.
**Question 23.** Which DDoS attack vector primarily targets the network transport layer (Layer 3/4)?
A) HTTP GET flood
B) SYN flood
C) XML External Entity (XXE) attack
D) Cookie replay attack
**Answer:** B
**Explanation:** SYN floods exploit the TCP handshake at Layer 4, overwhelming connection tables.
**Question 24.** During a high-volume Layer 7 DDoS attack, what Imperva metric is most useful for determining if the attack is saturating the application?
A) Packets per second (pps)
B) Requests per second (RPS) to the origin
C) CPU utilization on PoP edge nodes
D) Number of open TCP sockets
**Answer:** B
**Explanation:** RPS to the origin reflects the load on the application layer and indicates whether the attack is overwhelming the backend.
**Question 25.** Which setting in Imperva’s DDoS mitigation controls the threshold at which traffic is automatically challenged?
A) Bot Mitigation Sensitivity
B) Rate-limit Threshold

**Answer:** B
**Explanation:** JSON Schema Validation inspects JSON payloads against defined schemas, blocking malformed or malicious data.
**Question 28.** Which Imperva feature enables automatic protection of serverless functions (e.g., AWS Lambda) without exposing the origin IP?
A) Edge-only Mode
B) Origin Shielding
C) Serverless API Protection
D) Private PoP Routing
**Answer:** C
**Explanation:** Serverless API Protection routes traffic through Imperva’s edge, hiding the function’s endpoint while applying security controls.
**Question 29.** In Advanced Bot Protection (ABP), which classification identifies bots that mimic human behavior and use rotating IPs?
A) Good Bot
B) Bad Bot
C) Advanced Bot
D) Scraper Bot
**Answer:** C
**Explanation:** Advanced bots employ techniques like headless browsers, IP rotation, and human-like interaction to evade detection.

**Question 30.** Which mitigation technique is most effective against credential-stuffing attacks targeting login APIs?
A) CAPTCHA challenge on every request
B) IP reputation blocking only
C) Adaptive rate limiting based on failed login attempts
D) Disabling TLS
**Answer:** C
**Explanation:** Adaptive rate limiting throttles repeated failed login attempts while allowing legitimate users to continue.
**Question 31.** Which Imperva setting balances security and user experience by allowing known good bots (e.g., search engine crawlers) to bypass challenges?
A) Bot Whitelist
B) Bot Blacklist
C) Bot Challenge Threshold
D) Bot Fingerprint Sensitivity
**Answer:** A
**Explanation:** A Bot Whitelist permits recognized good bots to pass through without additional verification.
**Question 32.** In the CDN flow, what is the first component that receives an HTTP request from a client?

C) Standard Caching
D) Edge-Only Caching
**Answer:** B
**Explanation:** Bypass Cache forces every request to go to the origin, ensuring dynamic data is never served from the edge cache.
**Question 35.** When should an administrator issue a cache purge request?
A) After updating a static CSS file
B) When the PoP experiences high CPU usage
C) To clear the DNS cache for a domain
D) When enabling a new WAF rule
**Answer:** A
**Explanation:** Updating static assets (e.g., CSS, JS) requires a purge so that clients receive the latest version instead of stale cached copies.
**Question 36.** Which HTTP response header added by Imperva indicates the cache status of the delivered content?
A) X-Cache-Status
B) X-Edge-Cache
C) X-Cache
D) X-Cache-Result
**Answer:** C
**Explanation:** The “X-Cache” header shows values such as “HIT”, “MISS”, or “EXPIRED”, revealing the caching outcome.
**Question 37.** If a client receives an “X-Cache: MISS” header, what does this imply?
A) The content was served from the PoP cache
B) The request was blocked by the WAF
C) The content was fetched from the origin server
D) The request was redirected to a different domain
**Answer:** C
**Explanation:** “MISS” indicates the edge did not have a cached copy and had to retrieve the resource from the origin.
**Question 38.** Which Imperva feature allows administrators to set different caching behaviors for mobile versus desktop browsers?
A) Device-Aware Caching Rules
B) User-Agent Based Cache Bypass
C) Adaptive Content Delivery
D) Dynamic Content Segmentation
**Answer:** B
**Explanation:** By configuring a User-Agent based cache bypass rule, mobile browsers can be forced to bypass cache while desktops receive cached content.

B) Rate-Limit Policy
C) Access Control List
D) ThreatRadar Reputation Policy
**Answer:** B
**Explanation:** Rate-Limit policies enforce thresholds on request rates per IP or other identifiers.
**Question 42.** In the context of API security, what does “swagger validation” refer to?
A) Verifying API endpoints against an OpenAPI specification
B) Checking SSL certificates on API calls
C) Enforcing IP whitelists for API access
D) Monitoring API latency trends
**Answer:** A
**Explanation:** Swagger (OpenAPI) validation ensures incoming API requests conform to the defined contract, blocking malformed calls.
**Question 43.** Which Imperva component provides real-time threat intelligence about malicious IPs and proxies?
A) ThreatRadar
B) CDN Optimizer
C) Policy Engine
D) DDoS Shield
**Answer:** A
**Explanation:** ThreatRadar aggregates global reputation data and feeds it into security policies for proactive blocking.
**Question 44.** When configuring a custom rule to block requests containing the string “/admin” in the URL path, which operator would you use?
A) contains
B) equals
C) starts_with
D) regex_match
**Answer:** A
**Explanation:** The “contains” operator matches any URL that includes the specified substring.
**Question 45.** Which of the following best describes a “false positive” in Imperva’s security event logs?
A) An attack that was successfully blocked
B) Legitimate traffic incorrectly identified as malicious
C) A bot that passed the challenge test
D) An origin server error unrelated to security
**Answer:** B