When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
A. Deny the connection inline.
B. Perform a Layer 6 reset.
C. Deploy an antimalware system.
D. Enable bypass mode.
Explanation:
BD
Deny connection inline: This action terminates the packet that triggered the action and future packets that are
part of the same TCP connection. The attacker could open up a new TCP session (using different port
numbers), which could still be permitted through the inline IPS.
Available only if the sensor is configured as an IPS.
Source: Cisco Official Certification Guide, Table 17-4 Possible Sensor Responses to Detected Attacks, p.465