With which preprocessor do you detect incomplete TCP handshakes?

A.
?

B.
rate based prevention

C.
?

D.
portscan detection

Explanation:
BD
Rate-based attack prevention identifies abnormal traffic patterns and attempts to minimize the impact of that traffic on legitimate requests. Rate-based attacks usually have one of the following characteristics:
+ any traffic containing excessive incomplete connections to hosts on the network, indicating a SYN flood attack
+ any traffic containing excessive complete connections to hosts on the network, indicating a TCP/IP connection flood attack
+ excessive rule matches in traffic going to a particular destination IP address or addresses or coming from a particular source IP address or addresses.
+ excessive matches for a particular rule across all traffic.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepowermodule-user-guide-v541/Intrusion-Threat-Detection.html



Tard

Which FirePOWER preprocessor engine is used to prevent SYN attacks?
A.
Rate-Based Prevention
B.
Portscan Detection
C.
IP Defragmentation
D.
Inline Normalization

Answer: A