As a critical part of the design for the Enterprise Campus network, which of the following two are true concerning intrusion detection and prevention solution? (Choose two)
A.
IDS is capable of both inline and promiscuous monitoring, while IPS is only capable of promiscuous monitoring
B.
IDS will stop malicious traffic from reaching its intended target for certain types of attacks.
C.
IPS processes information on Layers 3 and 4 as well as analyzing the contents and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7)
D.
IPS inspects traffic statefully and needs to see both sides of the connection to function properly
E.
IDS placement at the perimeter of Data Center outside the firewall generates many warnings that have relatively low value because no action is likely to be taken on this information
Explanation:
correct answer should be C &E
sorry corrcet naswer is C, D
Traditional packet flows in a network are symmetrical and consist of connections that take the same path
through the network in both directions. Many newer network designs do not guarantee symmetrical flows and
engineer the network to take advantage of all available links. This greatly increases the chance that traffic may
use multiple paths to and from its destination.
This asymmetric traffic flow can cause problems with inline IPS devices. Because an IPS sensor inspects traffic
statefully and needs to see both sides of the connection to function properly, asymmetric traffic flows may
cause valid traffic to be dropped.