On the Cisco IPS appliance, the anomaly detection knowledge base is used to store which two types of information for each service? (Choose two.)
A. scanner threshold
B. packet per second rate limit
C. anomaly detection mode
D. histogram
E. total bytes transferred
Explanation:
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/user/guide/ipsanom.html
The knowledge base has a tree structure and contains the following information:
Knowledge base name
Zone name
Protocol
Service
The knowledge base holds a scanner threshold and a histogram for each service. If you have learning accept mode set to automatic and the action set to rotate, a new knowledge base is created every 24 hours and used in the next 24 hours. If you have learning accept mode set to automatic and the action is set to save only, a new knowledge base is created but not loaded, and the current knowledge base is used. If you do not have learning accept mode set to automatic, no knowledge base is created.