What does Cisco recommend when you are enabling Cisco IOS IPS?
A.
Do not enable all the signatures at the same time.
B.
Do not enable the ICMP signature.
C.
Disable the Zone-Based Policy Firewall because it is not compatible with Cisco IOS IPS.
D.
Disable CEF because it is not compatible with Cisco IOS IPS. .
Explanation:
Router memory and resource constraints prevent a router from loading all Cisco IOS IPS
signatures. Thus, it is recommended that you load only a selected set of signatures that are
defined by the categories. Because the categories are applied in a “top-down” order, you should
first retire all signatures, followed by “unretiring” specific categories. Retiring signatures enables
the router to load information for all signatures, but the router does not build the parallel scanning
data structure.