Which of the following emailrelated FirePOWER preprocessors can extract and decode attachments in
clienttoserver traffic? (Select the best answer.)
A.
only the IMAP preprocessor
B.
only the POP3 preprocessor
C.
only the SMTP preprocessor
D.
only the POP3 and SMTP preprocessors
E.
only the IMAP and SMTP preprocessors
F.
the IMAP, POP3, and SMTP preprocessors
Explanation:
On a Cisco FirePOWER Intrusion Prevention System (IPS), the Internet Message Access Protocol (IMAP),
Post Office Protocol version 3 (POP3), and Simple Mail Transfer Protocol (SMTP) preprocessors can extract
and decode attachments in clienttoserver traffic. The FirePOWER IMAP, POP3, and SMTP preprocessors are
Application layer inspection engines with the capability to decode email traffic and to normalize the resulting
data prior to forwarding the traffic to the intrusion rules engine for analysis.
In addition to generating an event when they observe anomalous traffic, the FirePOWER emailrelated
preprocessor engines can inspect the commands that pass between a client and a server to ensure that they
are compliant with the relevant Request for Comments (RFC). For example, the IMAP preprocessor can
generate an event when either a client command or a server response does not comply with RFC 3501, which
is the RFC that defines the IMAP protocol, and the POP3 preprocessor can do the same for commands that do
not comply with RFC 1939, which is the RFC that defines the POP3 protocol. By contrast, the SMTP
preprocessor provides the ability to normalize all, none, or a specific set of SMTP commands, although a base
set of commands will always be considered as part of the custom valid set if normalization is enabled.Cisco: Application Layer Preprocessors: The IMAP Preprocessor
Cisco: Application Layer Preprocessors: The POP Preprocessor
Cisco: Application Layer Preprocessors: The SMTP Preprocessor