Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false positives? (Choose two.)
A.
Subtract all aggressive actions using event action filters.
B.
Enable anomaly detection learning mode.
C.
Enable verbose alerts using event action overrides.
D.
Decrease the number of events required to trigger the signature.
E.
Increase the maximum inter-event interval of the signature.
I agree with the answer. AE