You enable Sweep Scan Protection and Host port scan in IPS to determine if a large amount of
traffic from a specific internal IP address is a network attack, or a user’s system is infected with a
worm. Will you get all the information you need from these actions?
A.
Yes. IPS will limit the traffic impact from the scans, and identify if the pattern of the traffic
matches any known worms.
B.
No. These IPS protections will only block the traffic, but it will not provide a detailed analysis of
the traffic.
C.
No. To verify if this is a worm or an active attack, you must also enable TCP attack defenses.
D.
No. The logs and alert can provide some level of information, but determining whether the
attack is intentional or a worm, requires further research.
Explanation: