When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

A. Deny the connection inline.
B. Perform a Layer 6 reset.
C. Deploy an antimalware system.
D. Enable bypass mode.

Answer: A

Explanation:

Deny connection inline: This action terminates the packet that triggered the action and future packets that are part of the same TCP connection. The attacker could open up a new TCP session (using different port numbers), which could still be permitted through the inline IPS. Available only if the sensor is configured as an IPS.

Source: Cisco Official Certification Guide, Table 17-4 Possible Sensor Responses to Detected Attacks, p.465
