which two event actions can be configured on a rule?

In a Cisco FirePOWER instrusion policy, which two event actions can be configured on a
rule? (Choose two.)

In a Cisco FirePOWER instrusion policy, which two event actions can be configured on a
rule? (Choose two.)

A.
drop packet

B.
drop and generate

C.
drop connection

D.
capture trigger packet

E.
generate events

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

brt

brt

generate events, drop and generate events (third option is disable)

Reply

brt

brt

Intrusion Rule State Options

In an intrusion policy, you can set a rule’s state to the following values:

Generate Events

You want the system to detect a specific intrusion attempt and generate an intrusion event when it finds matching traffic. When a malicious packet crosses your network and triggers the rule, the packet is sent to its destination and the system generates an intrusion event. The malicious packet reaches its target, but you are notified via the event logging.
Drop and Generate Events

You want the system to detect a specific intrusion attempt, drop the packet containing the attack, and generate an intrusion event when it finds matching traffic. The malicious packet never reaches its target, and you are notified via the event logging.

Note that rules set to this rule state generate events but do not drop packets in a passive deployment, including deployments where a 7000 or 8000 Series device inline interface set is in tap mode. For the system to drop packets, you must also enable Drop when Inline in your intrusion policy and deploy your device inline.
Disable

You do not want the system to evaluate matching traffic.

http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Tuning_Intrusion_Policies_Using_Rules.html#ID-2237-0000063d

Reply