Which actions can a promiscuous IPS take to mitigate an…

seenagapeMay 14, 2017

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)

PrepAway - Latest Free Exam Questions & Answers

A.
Reset the TCP connection

B.
Request connection blocking

C.
Deny packets

D.
Modify packets

E.
Request host blocking

F.
Deny frames

Explanation:
Brad
Answer) A, B and E
Confidence level: 100%
Note: Be aware that there is a reverse version of this question, worded such as “What actions are limited when
running IPS in promiscuous mode?”.
BD
Promiscuous Mode Event Actions
+ Request block host: This event action will send an ARC request to block the host for a specified time frame,
preventing any further communication. This is a severe action that is most appropriate when there is minimal
chance of a false alarm or spoofing.
+ Request block connection: This action will send an ARC response to block the specific connection. This
action is appropriate when there is potential for false alarms or spoofing.
+ Reset TCP connection: This action is TCP specific, and in instances where the attack requires several TCP
packets, this can be a successful action.
Source: http://www.cisco.com/c/en/us/about/security-center/ips-mitigation.html#7

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

Cisco Exam Questions

Free Cisco Study Guide

Which actions can a promiscuous IPS take to mitigate an…

Leave a Reply Cancel reply