what type of malicious traffic can NOT be stopped?

When configuring an intrusion prevention sensor in promiscuous mode what type of malicious traffic can NOT be stopped?

A. Atomic attacks (single packet attacks)

B. Teardrop attacks

C. All of the above

D. Sweep reconnaissance (such as ICMP sweeps)

E. Flood attacks




Mongoose

Incorrect. If the sensor is in promiscuous mode, then it can’t stop any attack; it can only detect it. The answer should be C.

WLiD

Hi,

Atomic attacks (single packet attacks) is right!!

++++++++++++++++++++++++++++++
In promiscuous mode, packets do not flow through the IPS; the sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the IPS does not affect the packet flow with the forwarded traffic. The disadvantage of operating in promiscuous mode, however, is that the IPS cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks). The response actions implemented by promiscuous IPS devices are postevent responses such as connection shunning, and they often require assistance from other networking devices (for example, routers and firewalls) to respond to an attack. Although such response actions can prevent some classes of attacks, for atomic attacks the single packet has the potential to reach the target system before the promiscuous-based sensor can apply an access-control-list (ACL) modification on a managed device (such as a firewall, switch, or router).

++++++++++++++

http://www.cisco.com/en/US/prod/collateral/modules/ps2641/solution_overview_cisco_ips_aim.html

++++++++++++++