Which type of IPS can identify worms that are propagati…

seenagapeMay 14, 2017

Which type of IPS can identify worms that are propagating in a network?

PrepAway - Latest Free Exam Questions & Answers

A.
Policy-based IPS

B.
Anomaly-based IPS

C.
Reputation-based IPS

D.
Signature-based IPS

Explanation:
BD
An example of anomaly-based IPS/IDS is creating a baseline of how many TCP sender requests are
generated on average each minute that do not get a response. This is an example of a half-opened session. If
a system creates a baseline of this (and for this discussion, let’s pretend the baseline is an average of 30 halfopened sessions per minute), and then notices the half-opened sessions have increased to more than 100 per
minute, and then acts based on that and generates an alert or begins to deny packets, this is an example of
anomaly-based IPS/IDS. The Cisco IPS/IDS appliances have this ability (called anomaly detection), and it is
used to identify worms that may be propagating through the network.
Source: Cisco Official Certification Guide, Anomaly-Based IPS/IDS, p.464

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

Cisco Exam Questions

Free Cisco Study Guide

Which type of IPS can identify worms that are propagati…

Leave a Reply Cancel reply