PrepAway - Latest Free Exam Questions & Answers

Which IPS technique is commonly used to improve accuracy and context awareness, aiming to
detect and respond to relevant incidents only and, therefore, reduce noise?

A. Attack relevancy

B. Target asset value

C. Signature accuracy

D. Risk rating

Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0900aecd806e7299.html
Risk Rating Calculation
Risk rating is a quantitative measure of your network’s threat level before IPS mitigation. For each
event fired by IPS signatures, Cisco IPS Sensor Software calculates a risk rating number. The
factors used to calculate risk rating are:
• Signature fidelity rating: This IPS-generated variable indicates the degree of attack certainty.
• Attack severity rating: This IPS-generated variable indicates the amount of damage an attack
can cause.
• Target value rating: This user-defined variable indicates the criticality of the attack target. This is
the only factor in risk rating that is routinely maintained by the user. You can assign a target value
rating per IP address in Cisco IPS Device Manager or Cisco Security Manager. The target value
rating can raise or lower the overall risk rating for a network device. You can assign the following
target values:
– 75: Low asset value
– 100: Medium asset value
– 200: Mission-critical asset value
• Attack relevancy rating: This IPS-generated value indicates the vulnerability of the attack target.
• Promiscuous delta: The risk rating of an IPS deployed in promiscuous mode is reduced by the
promiscuous delta. This is because promiscuous sensing is less accurate than inline sensing. The
promiscuous delta can be configured on a per-signature basis, with a value range of 0 to 30. (The
promiscuous delta was introduced in Cisco IPS Sensor Software Version 6.0.)
• Watch list rating: This IPS-generated value is based on data found in the Cisco Security Agent
watch list. The Cisco Security Agent watch list contains IP addresses of devices involved in
network scans or possibly contaminated by viruses or worms. If an attacker is found on the watch
list, the watch list rating for that attacker is added to the risk rating. The value for this factor is
between 0 and 35. (The watch list rating was introduced in Cisco IPS Sensor Software Version
6.0.)

Risk rating can help enhance your productivity as it intelligently assesses the level of risk of
each event and helps you focus on high-risk events.

