Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)
A . Modifying packets
B . Requesting connection blocking
C . Denying packets
D . Resetting the TCP connection
E . Requesting host blocking
F . Denying frames
Answer: B,D,E
Explanation:
Promiscuous Mode Event Actions
+ Request block host: This event action will send an ARC request to block the host for a specified time frame, preventing any further communication. This is a severe action that is most appropriate when there is minimal chance of a false alarm or spoofing.
+ Request block connection: This action will send an ARC response to block the specific connection. This action is appropriate when there is potential for false alarms or spoofing. + Reset TCP connection: This action is TCP specific, and in instances where the attack requires several TCP packets, this can be a successful action.
Source: http://www.cisco.com/c/en/us/about/security-center/ips-mitigation.html#7
Leave a Reply