PrepAway - Latest Free Exam Questions & Answers

Which of the following is a Transport and Network layer preprocessor that is available in Cisco Firepower NGIP

Which of the following is a Transport and Network layer preprocessor that is available in Cisco Firepower NGIPS?

A. inline normalization

B. SIP

C. DNS

D. Modbus

E. SSH

Explanation:
The inline normalization preprocessor is a Transport and Network layer preprocessor that is available in Cisco Firepower Next-Generation Intrusion Prevention System (NGIPS). Firepower NGIPS has several predefined preprocessor engines that can be used to detect specific threats. The inline normalization preprocessor is commonly used in inline deployments to reduce the chances of malicious traffic evading detection. The inline normalization process takes place immediately after the packet decoder decodes the packet, which ensures that packets being analyzed by the intrusion prevention system (IPS) are identical to the packets that will be assembled by the target host.

The Domain Name System (DNS) preprocessor, the Session Initiation Protocol (SIP) preprocessor, and the Secure Shell (551-1) preprocessor are Application layer preprocessors that are available in Firepower NGIPS. The DNS preprocessor inspects DNS name server responses for overflow attempts as well as obsolete and experimental resource record types. The SIP preprocessor inspects SIP 2.0 call traffic for anomalies and out-of-order call sequences. The SSH preprocessor detects buffer overflow exploits, the CRC-32 exploit, protocol mismatches, and version exploits; however, it does not detect brute-force attacks.

Modbus and the Distributed Network Protocol 3 (DNP3) preprocessors are Supervisory Control and Data Acquisition (SCADA) preprocessors that are available in Firepower NGIPS. DNP3 is a communications protocol that is often used by water, waste, electric, and transportation utilities. Modbus is a communications protocol that is commonly used in industrial environments.

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Layer_Preprocessors.html
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/SCADA_Preprocessors.html
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Transport___Network_Layer_Preprocessors.html


Leave a Reply