You recently noticed a large volume of alerts generated by attacks against your web servers. Because these are mission-critical servers, you keep them up to date on patches. As a result, the attacks fail and your inline sensor generates numerous false positives. Your assistant, who monitors the alerts, is overwhelmed.
Which two actions will help your assistant manage the false positives? (Choose two.)
A.
Lower the severity level of signatures that are generating the false positives.
B.
Lower the fidelity ratings of signatures that are generating the false positives.
C.
Raise the Target Value Ratings for your web servers.
D.
Create a policy that denies attackers inline and filters alerts for events with high Risk Ratings.
“Pass Any Exam. Any Time.” – www. 44
Cisco 642-533: Practice Exam