Which are common indicators of a BGP security incident in router logs?


Multiple Choice

Which are common indicators of a BGP security incident in router logs?

Explanation:
Recognizing signals of a BGP security incident in router logs means spotting patterns that point to problems with how routes are announced and learned. The strongest indicators are:

- New or unexpected prefixes or origins, which can mean someone is announcing routes you don’t own or from an origin AS you didn’t expect.
- AS_PATH anomalies, such as unusual sequences, unexplained length changes, or loops, which suggest path manipulation or misconfiguration.
- Invalid ROA matches, where a route fails ROA or RPKI validation, signaling that the origin isn’t authorized or the ROA data is inconsistent.
- Rapid changes in routing information, i.e., frequent updates or route flapping, which reflect instability often tied to hijacks or leaks.
- Neighbor session resets, where BGP peering sessions repeatedly reset, hinting at interference, misconfigurations, or disruption attempts.

Together, these form a realistic portrait of a BGP security incident as seen in logs.

The other options don’t fit as well: an isolated symptom such as only increased CPU usage can occur for many benign reasons, regularly scheduled maintenance messages are expected maintenance activity rather than anomalies, and an absence of anomalies would not indicate an incident.

