Which of the following can the FirePOWER IMAP preproces…

Which of the following can the FirePOWER IMAP preprocessor extract in client-to-server traffic? (Select the best
answer.)

A. attachments

B. file names

C. addresses

D. header data

Explanation:
On a Cisco FirePOWER Intrusion Prevention System (IPS), the Internet Message Access Protocol (IMAP)
preprocessor can extract and decode attachments in client-to-server traffic. The FirePOWER IMAP
preprocessor is an Application layer inspection engine with the capability to decode email traffic and to
normalize the resulting data prior to forwarding the traffic to the intrusion rules engine for analysis. Cisco also
provides Post Office Protocol version 3 (POP3) and Simple Mail Transfer Protocol (SMTP) preprocessors.
In addition to generating an event when they observe anomalous traffic, the FirePOWER email-related
preprocessor engines can inspect the commands that pass between a client and a server to ensure that they
are compliant with the relevant Request for Comments (RFC). For example, the IMAP preprocessor can
generate an event when either a client command or a server response does not comply with RFC 3501, which
is the RFC that defines the IMAP protocol, and the POP3 preprocessor can do the same for commands that do
not comply with RFC 1939, which is the RFC that defines the POP3 protocol.
By contrast, the SMTP preprocessor provides the ability to normalize all, none, or a specific set of SMTP
commands, although a base set of commands will always be considered as part of the custom valid set if
normalization is enabled. In addition, the SMTP preprocessor can extract email file names, addresses, and
header data.

Cisco: Application Layer Preprocessors: The IMAP Preprocessor
Cisco: Application Layer Preprocessors: The POP Preprocessor
Cisco: Application Layer Preprocessors: The SMTP Preprocessor


