Which three statements about the Cisco IPS appliance normalizer feature are true? (Choose three.)
A.
only operates in inline modes
B.
ensures that Layer 4 to Layer 7 traffic conforms to the protocol specifications
C.
tracks session states and stops packets that do not fully match session state
D.
modifies ambiguously fragmented IP traffic
E.
cannot analyze asymmetric traffic flows
Explanation:
http://globalknowledgeblog.com/technology/cisco/asa-and-ips-parallel-features-part-ii/ = A
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/white_paper_c11- 459025_ps6120_Products_White_Paper.html
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_signature_engines.
html#wpxref98199
= C and D
The Cisco ASA AIP-SSM is a fully functional firewall and IPS solution that can be deployed in symmetric or asymmetric mode and supports stateful failover
deployments. In either deployment mode, session state and evasion protection will be maintained because of advanced state features in the Cisco ASA operating
system.
E is not an option — even though it reduces performance -it is still able to analyze a single traffic flow.
http://globalknowledgeblog.com/technology/cisco/asa-and-ips-parallel-features-%E2%80%93- part-iii/