What action can you take to allow the user access to the IP address?

Posted by: Pdfprep Category: 210-260

You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address.

What action can you take to allow the user access to the IP address?
A. Create a whitelist and add the appropriate IP address to allow the traffic.
B. Create a custom blacklist to allow the traffic.
C. Create a user based access control rule to allow the traffic.
D. Create a network based access control rule to allow the traffic.
E. Create a rule to bypass inspection to allow the traffic.

Answer: A

Explanation:

Using Security Intelligence Whitelists

In addition to a blacklist, each access control policy has an associated whitelist, which you can also populate with Security Intelligence objects. A policy’s whitelist overrides its blacklist. That is, the system evaluates traffic with a whitelisted source or destination IP address using access control rules, even if the IP address is also blacklisted. In general, use the whitelist if a blacklist is still useful, but is too broad in scope and incorrectly blocks traffic that you want to inspect.

Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/AC-Secint-Blacklisting.pdf
