When learning accept mode is set to auto, and the action is set to rotate, when is the KB created and used?
A. It is created every 24 hours and used for 24 hours.
B. It is created every 24 hours, but the current KB is used.
C. It is created every 1 hour and used for 24 hours.
D. A KB is created only in manual mode.
Explanation:
Anomaly detection has the following modes:
• Learning accept mode
Although anomaly detection is in detect mode by default, it conducts an initial learning accept mode for the default period of 24 hours. We assume that during this phase no attack is being carried out. Anomaly detection creates an initial baseline, known as a knowledge base (KB), of the network traffic. The default interval value for periodic schedule is 24 hours and the default action is rotate, meaning that a new KB is saved and loaded, and then replaces the initial KB after 24 hours.
http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/ime/imeguide7/ime_anomaly_detections.html