Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false
positives? (Choose two.)

A.
Subtract all aggressive actions using event action filters.

B.
Enable anomaly detection learning mode.

C.
Enable verbose alerts using event action overrides.

D.
Decrease the number of events required to trigger the signature.

E.
Increase the maximum inter-event interval of the signature.

Explanation:
1 > Remove all agressive actions from all signatures using event action filters 2 > Add verbose alerts using event action overrides
3 > Add logging packets between the attacker and the victim using event action overrides