Which FirePOWER preprocessor engine is used to prevent SYN attacks?
A.
Rate-Based Prevention
B.
Portscan Detection
C.
IP Defragmentation
D.
Inline Normalization
Explanation:
Brad
Confidence level: 0%
Note: Never bothered to research this question.
BD
Rate-based attack prevention identifies abnormal traffic patterns and attempts to minimize the impact of that
traffic on legitimate requests. Rate-based attacks usually have one of the following characteristics:
+ any traffic containing excessive incomplete connections to hosts on the network, indicating a SYN flood
attack
+ any traffic containing excessive complete connections to hosts on the network, indicating a TCP/IP
connection flood attack
+ excessive rule matches in traffic going to a particular destination IP address or addresses or coming from aparticular source IP address or addresses.
+ excessive matches for a particular rule across all traffic.
Preventing SYN Attacks
The SYN attack prevention option helps you protect your network hosts against SYN floods. You can protect
individual hosts or whole networks based on the number of packets seen over a period of time. If your device is
deployed passively, you can generate events. If your device is placed inline, you can also drop the malicious
packets. After the timeout period elapses, if the rate condition has stopped, the event generation and packet
dropping stops.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepowermodule-user-guide-v541/Intrusion-Threat-Detection.html