Phil notices a large amount of traffic from a specific internal IP address. He needs to verify if it is a network attack, or a user’s system infected with a worm. He has enabled Sweep Scan Protection and Host port scan in SmartDefense. Will Phil get all the information he needs from these actions?
A. No. SmartDefense will only block the traffic, but it will not provide a detailed analysis of the traffic.
B. No. SmartDefense will not block the traffic. The logs and alert can provide a further level of information, but determining whether the attack is intentional or a worm requires further research by Phil.
C. No. Phil also should set SmartDefense to quarantine the traffic from the suspicious IP address.
D. Yes. SmartDefense will limit the traffic impact from the scans, and identify if the pattern of the traffic matches any known worms.
E. No. To verify if this is a worm or an active attack, Phil should also enable TCP attack defenses.