You enable Sweep scan Protection and Host port scan in IPS to determine n a large amount of
traffic from a specific internal IP address is network attack, or a user’s system is infected with a
worm. Will you get all the information you need from these actions?
A.
No. To verify if tins is a worm or an active attack, you must also enable TCP attack defenses
B.
No. The logs and alert can provide some level of information, but determining whether the
attack is intentional or a worm requires further research.
C.
Yes. IPS will limit the traffic impact from the scans, and identify if the pattern of the traffic
matches any known worms
D.
No. These PS protections will only block the traffic, but it will not provide a detailed analysis of
the traffic
Explanation: