With which preprocessor do you detect incomplete TCP handshakes?
A. ?
B. rate based prevention
C. ?
D. portscan detection
Explanation:
BD
Rate-based attack prevention identifies abnormal traffic patterns and attempts to minimize the impact of that traffic on legitimate requests. Rate-based attacks usually have one of the following characteristics:
+ any traffic containing excessive incomplete connections to hosts on the network, indicating a SYN flood attack
+ any traffic containing excessive complete connections to hosts on the network, indicating a TCP/IP connection flood attack
+ excessive rule matches in traffic going to a particular destination IP address or addresses or coming from a particular source IP address or addresses.
+ excessive matches for a particular rule across all traffic.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepowermodule-user-guide-v541/Intrusion-Threat-Detection.html
Which FirePOWER preprocessor engine is used to prevent SYN attacks?
A. Rate-Based Prevention
B. Portscan Detection
C. IP Defragmentation
D. Inline Normalization
Answer: A