“If the machine is under stress, we do not want to leave the stress condition due to a single
measurement (which could be an anomaly), but rather wait for a given length of time, before
changing the condition.” …describes which of the following “Bypass under Load” setting
kernel parameters?
A.
ids_timeout
B.
ids_tolerance_stress
C.
ids_assume_stress
D.
ide_tolerance_no_stress
I think B is right answer.
It is, C is to force a stress situation.
B is correct
ids_assume_stress
IDS mechanism assumes that the Security Gateway is under stress, regardless of the actual utilization of CPU and memory.
ids_tolerance_stress
Accepted value:
•Number of seconds
•Default = 10 seconds
If the Security Gateway is under stress, we do not want to exit the stress condition due to a single measurement (which could be an anomaly), but rather wait for a given length of time, before changing the condition.
For example, if you have a hit of 98% load, then after 2 seconds it goes under the Low threshold, then after 2 seconds goes over the High threshold again, then you might want not to disable IPS Bypass.
Only if you have a measurement under the High threshold, and it stays under the High threshold for the entire configured time (value of this kernel parameter), then the IPS Bypass will be disabled.
sk62848
The correct answer is B (ids_tolerance_stress)