Which two characteristics apply to an Intrusion Prevention System (IPS)? (Choose two.)

A.
Does not add delay to the original traffic.

B.
Cabled directly inline with the flow of the network traffic.

C.
Can drop traffic based on a set of rules.

D.
Runs in promiscuous mode.

E.
Cannot drop the packet on its own.

Explanation:
+ Position in the network flow: Directly inline with the flow of network traffic, and every packet goes through the sensor on its way through the network.
+ Mode: Inline mode
+ The IPS can drop the packet on its own because it is inline. The IPS can also request assistance from another device to block future packets, just as the IDS does.



beetleman

This is confusing, as an IPS CAN run in promiscuous mode. If that's going to be an incorrect answer, it needs to be “ONLY runs in promiscuous mode”.

“Typically, the IPS is deployed in either Inline or Promiscuous mode. Inline mode positions the IPS directly in the packet flow, allowing it to perform actions directly on the packet flow. In Promiscuous mode (IDS), the IPS/IDS receives a copy of packets on the network instead of being directly in the packet flow.”

REF:
https://www.cisco.com/c/en/us/about/security-center/ips-mitigation.html

beetleman

I think the answer is actually B and D.

IPS doesn’t actually use “Rules”; it uses contextual inspection and risk/threat ratings to choose what action it should take against the traffic. To me, yes, this is a rule-set. But you know ol’ Cisco likes to be distinguished.

“To understand how the IPS device views events, it is necessary to understand the IPS risk rating. The IPS risk rating is applied to all detected events and provides contextual quantification of the event risk as it pertains to the network being monitored. The risk rating relies on several attributes to provide an event-specific, contextual rating. The rating can be used to derive actionable responses, automated or otherwise. The following provides an overview of the risk rating calculation and its associated attributes.”

REF:
https://www.cisco.com/c/en/us/about/security-center/ips-mitigation.html