All signatures in the Cisco IPS signature set include which three parameters that can be tuned according to the environment? (Choose three.)
A.
vulnerable OS list
B.
alert severity rating
C.
inline mode delta
D.
signature fidelity rating
E.
threat rating
Explanation:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/white_paper_c11_5 49300.htmlAfter configuring Cisco IOS IPS on your router, you should adjust the staging router’s signature configuration.
The IOS IPS `basic’ and `advanced’ signature categories include a set of signatures that detect and mitigate a broad range of traffic that could potentially exploit
various types of software vulnerabilities in server and workstation hosts, as well as network devices; other signature categories may hold some appeal for your
environment, but will likely require tuning to fit into the router’s available memory. You will need to be sure that IOS IPS is configured to enable signatures that
specifically address the requirements of your environment. Additionally, while some signatures may offer some benefit for vulnerabilities that your network presents,
IPS may recognize traffic that is not an exploit as unwanted traffic, thus affecting a “false positive”. False positives must be dealt with in a manner that suits the
nature of the vulnerability. If a very high-risk vulnerability must be mitigated by IPS, operational tools and staff must be able to distinguish between traffic that
comprises a false positive and that which comprises a live exploit. Otherwise, signatures addressing low-risk vulnerabilities might be tuned to generate less
response, or disabled entirely, to avoid the additional operational burden of dealing with the false positives. Other reasons for tuning the signature database are to
reduce memory or CPU footprint, or to add custom IPS signatures that you have developed to address the security requirements of your environment.