Complete the following tasks:
Assign the highest rating to the DMZ Web and DNS server.
Deny all connections if Risk Rating is 80 or above and exempt the Management Station traffic from this policy.
Answer: See the explanation
Explanation:
1. Choose Configuraton->Policies->Event Action Rules->rulesO->Event Action Overrides
2. Check Use Event Action Override box3. Choose Target Value Rating
4. Delete whatever is there – since you cannot edit, only add and delete
5. Add: there choose Mission Critical, range of IP addresses 172.16.1.3-172.16.1.4
6. Click OK, then Apply
7. Go to Event Action tab
8. Delete whatever is there (Deny Packet Inline for RR >=90)
9. Add Deny Packet Inline for the range of 80 to 100 (Minimum and Maximum fields). Enabled and
Active should be true.
10. OK and Apply
11. Now go to rules0-> Event Action Filters and Add new one
12. Enter filter name – for example, PermitMS
13. Change Attacker Address field to 10.0.1.12
14. Change attacked destionation adresses to 172.16.1.3-172.16.1.4
15. Choose Deny Packet Inline from the actions to substract
16. OK and Apply