What are the three anomaly detection modes? (Choose three.)

A.
detect

B.
active

C.
inactive

D.
learn

E.
full

F.
partial

Explanation:
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/ security_manager/4.0/user/guide/ipsanom.html
Anomaly detection has the following modes:
·Learning accept mode (initial setup)
Although anomaly detection is in detect mode by default, it conducts an initial learning accept mode for the default period of 24 hours. We assume that during this
phase no attack is being carried out. Anomaly detection creates an initial baseline, known as a knowledge base, of the network traffic. The default interval value for
periodic schedules is 24 hours and the default action is rotate, meaning that a new knowledge base is saved and loaded, and then replaces the initial knowledge
base after 24 hours.

Keep the following in mind:
Anomaly detection does not detect attacks when working with the initial knowledge base, which is empty.
After the default of 24 hours, a knowledge base is saved and loaded and now anomaly detection also detects attacks.
Depending on your network complexity, you may want to have anomaly detection in learning accept mode for longer than the default 24 hours. You configure the
mode in the Virtual Sensors policy; see Defining A Virtual Sensor, page 28-5. After your learning period has finished, edit the virtual sensor and change the mode to
Detect.
·Detect mode
For ongoing operation, the sensor should remain in detect mode. This is for 24 hours a day, 7 days a week.
Once a knowledge base is created and replaces the initial knowledge base, anomaly detection detects attacks based on it. It looks at the network traffic flows that
violate thresholds in the knowledge base and sends alerts.
As anomaly detection looks for anomalies, it also records gradual changes to the knowledge base that do not violate the thresholds and thus creates a new
knowledge base. The new knowledge base is periodically saved and takes the place of the old one thus maintaining an up-to-date knowledge base.
·Inactive mode
You can turn anomaly detection off by putting it in inactive mode. Under certain circumstances, anomaly detection should be in inactive mode, for example, if the
sensor is running in an asymmetric environment.
Because anomaly detection assumes it gets traffic from both directions, if the sensor is configured to see only one direction of traffic, anomaly detection identifies all
traffic as having incomplete connections, that is, as scanners, and sends alerts for all traffic flows.