PrepAway - Latest Free Exam Questions & Answers

Which of the following capabilities do an IDS and IPS have …

Which of the following capabilities do an IDS and IPS have in common? (Select the best answer.)

A. blocking a particular connection

B. blocking traffic from a particular host

C. modifying traffic

D. resetting TCP connections

Explanation:
An Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) can both reset Transmission
Control Protocol (TCP) connections. An IDS is a network monitoring device that passively monitors network
traffic and actively sends alerts to a management station when it detects malicious traffic. An IDS typically has
one promiscuous network interface attached to each monitored network. Because traffic does not flow through
the IDS, the IDS is unable to directly block malicious traffic; however, an IDS can do any of the following:
– Request that another device block a connection
– Request that another device block a particular host
– Reset TCP connections
An IDS can prevent further instances of previously detected malicious traffic from passing onto the network by
creating access control lists (ACLs) on routers in the traffic path or by configuring other security devices that
reside in the flow of traffic.
By contrast, an IPS typically sits inline with the flow of traffic and can therefore block malicious traffic before it
passes onto the network. An inline IPS can perform the following actions:
– Block traffic from a particular host
– Block a particular connection
– Modify traffic
– Reset TCP connections
However, if an IPS sits inline with traffic, a failed IPS device can cause all traffic to be dropped. Analyzing all of
the traffic that passes through the IPS can cause latency and jitter. Alternatively, an IPS can be configured to
operate in promiscuous mode, which would make it functionally similar to an IDS.
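
The explanation above says a passive IDS blocks by asking a device in the traffic path to do it, for example by creating ACLs on routers. As an added example (not from the original page or from Cisco), this Python code turns a constructed alert into Cisco IOS extended-ACL lines for either a host block or a connection block; the ACL name, sequence numbers, alert fields and never-block list are assumptions.

```python
import ipaddress

# Constructed never-block list (assumption): hosts the sensor must never shun,
# so a forged source address cannot make it cut off the gateway or DNS resolver.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.1/32", "192.0.2.53/32")]


def _host(addr):
    """Validate an IPv4 source and refuse protected or non-unicast addresses."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_multicast or ip.is_unspecified or ip.is_loopback:
        raise ValueError(f"refusing to block non-unicast address {ip}")
    if any(ip in net for net in NEVER_BLOCK):
        raise ValueError(f"{ip} is on the never-block list")
    return ip


def block_request(alert, scope="connection", acl_name="IDS-BLOCK", seq=10):
    """Turn one alert into IOS extended-ACL lines for a router in the path.

    scope="host" blocks all traffic from the source; scope="connection"
    blocks only the flagged TCP flow (source -> destination host and port).
    The ACL is assumed to exist already and to end in a permit entry, so the
    deny line carries a sequence number that places it ahead of that permit.
    """
    src = _host(alert["src"])
    lines = [f"ip access-list extended {acl_name}"]
    if scope == "host":
        lines.append(f" {seq} deny ip host {src} any")
    elif scope == "connection":
        dst = ipaddress.IPv4Address(alert["dst"])
        port = int(alert["dport"])
        if not 0 < port < 65536:
            raise ValueError(f"bad destination port {port}")
        lines.append(f" {seq} deny tcp host {src} host {dst} eq {port}")
    else:
        raise ValueError(f"unknown scope {scope!r}")
    return lines


if __name__ == "__main__":
    # Constructed alert using documentation address ranges.
    alert = {"src": "203.0.113.77", "dst": "192.0.2.10", "dport": 443}
    print("\n".join(block_request(alert, "host")))
    print("\n".join(block_request(alert, "connection", seq=20)))
```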

Cisco: Managed Security Services Partnering for Network Security: Managed Intrusion Detection and
Prevention Systems