Which of the following suppression types is not an option when you are creating a suppression for an intrusion policy?

A. destination

B. source

C. rule

D. protocol

Explanation:
The protocol suppression type is not an option when you are creating a suppression for an intrusion policy. Intrusion policies can be modified to include alerts, comments, dynamic rule states, thresholds, and suppressions. Suppressions are used to suppress events based on specific criteria. Suppressions can be created to filter all events by rule or to filter only specific events based on the source IP address or destination IP address of the traffic that generated the event.

You can create a suppression for an intrusion rule by first choosing Policies > Access Control > Intrusion and then clicking the edit icon, which resembles a pencil, next to the policy that you want to edit. From within the navigation pane, you can click Rules and then click Show Details to reveal the rule details pane. From the rule details pane, you can click Add next to Suppressions to create a new suppression for a specific rule. You can select Rule, Source, or Destination from the drop-down list to specify the type of suppression that you would like to create. The Rule selection will suppress all events generated by the rule. If you select Source or Destination, you will be required to enter an IP address, a network address, or a comma-separated list of addresses.

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Tuning_Intrusion_Policies_Using_Rules.html#ID-2237-00000204