When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

A.
Deny the connection inline.

B.
Perform a Layer 6 reset.

C.
Deploy an antimalware system.

D.
Enable bypass mode.

Explanation:
BD
Deny connection inline: This action terminates the packet that triggered the action and future packets that are
part of the same TCP connection. The attacker could open up a new TCP session (using different port
numbers), which could still be permitted through the inline IPS.
Available only if the sensor is configured as an IPS.
Source: Cisco Official Certification Guide, Table 17-4 Possible Sensor Responses to Detected Attacks, p.465