What are two limitations of the Atomic IP Advanced Engine? (Choose two.)
A. It has limited ability to check the fragmentation header.
B. It is unable to fire high-severity alerts for known vulnerabilities.
C. It is unable to detect IP address anomalies, including IP spoofing.
D. It is unable to inspect a packet’s length fields for bad information.
E. It is unable to detect Layer 4 attacks if the packets were fragmented by IPv6.
Explanation:
The Atomic IP Advanced engine contains the following restrictions:
• Cannot detect the Layer 4 field of the packets if the packets are fragmented so that
the Layer 4 identifier does not appear in the first packet.
• Cannot detect Layer 4 attacks in flows with packets that are fragmented by IPv6
because there is no fragment reassembly.
• Cannot detect attacks with tunneled flows.
• Limited checks are provided for the fragmentation header.
• There is no support for IPv6 on the management (command and control) interface.
With ASA 8.2(1), the ASA 5500 AIP SSM supports IPv6 features.
• If there are illegal duplicate headers, a signature fires, but the individual headers
cannot be separately inspected.
• Anomaly detection does not support IPv6 traffic; only IPv4 traffic is directed to the
anomaly detection processor.
• Rate limiting and blocking are not supported for IPv6 traffic. If a signature is
configured with a block or rate limit event action and is triggered by IPv6 traffic, an alert
is generated but the action is not carried out.
http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/ime/imeguide71/ime_signature_engines.pdf