With which preprocessor do you detect incomplete TCP handshakes?
A. rate-based prevention
B. portscan detection
Answer: A
Explanation:
Rate-based attack prevention identifies abnormal traffic patterns and attempts to minimize the impact of that traffic on legitimate requests.
Rate-based attacks usually have one of the following characteristics:
+ any traffic containing excessive incomplete connections to hosts on the network, indicating a SYN flood attack
+ any traffic containing excessive complete connections to hosts on the network, indicating a TCP/IP connection flood attack
+ excessive rule matches in traffic going to a particular destination IP address or addresses or coming from a particular source IP address or addresses.
+ excessive matches for a particular rule across all traffic.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-userguide/asa-firepower-module-user-guide-v541/Intrusion-Threat-Detection.html