When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

Posted by: Pdfprep Category: 210-260

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
A. Deny the connection inline.
B. Perform a Layer 6 reset.
C. Deploy an antimalware system.
D. Enable bypass mode.

Answer: A

Explanation:

Deny connection inline: This action terminates the packet that triggered the action and future packets that are part of the same TCP connection. The attacker could open up a new TCP session (using different port numbers), which could still be permitted through the inline IPS. Available only if the sensor is configured as an IPS.

Source: Cisco Official Certification Guide, Table 17-4 Possible Sensor Responses to Detected Attacks, p.465
