Click the Exhibit button.
{primarynode0}[edit security idp idp-policy test-ips-policy]
user@host# show
rulebase-ips {
rule r1 {
match {
source-address any;
attacks {
predefined-attack-groups “HTTP – All”;
}
}
then {
action {
drop-packet;
}
}
terminal;
}
rule r2 {
match {
source-address 172.16.0.0/12;
attacks {
predefined-attack-groups “FTP – All”;
}
then {
action {
no-action;
}
}
}
rule r3 {
match {
source-address 172.16.0.0/12;
attacks {
predefined-attack-groups “TELNET – All”;
}
}
then {
action {
no-action;
}
}
}
rule r4 {match {
source-address any;
attacks {
predefined-attack-groups “FTP – All”;
}
}
then {
action {
drop-packet;
}
}
}
}
A user with IP address 172.301.100 initiates an FTP session to a host with IP address 10.100.1.50 through an
SRX Series device and is subject to the IPS policy shown in the exhibit.
cd ~root command, which statement is correct?
If the user tries to execute the
A.
The FTP command will be denied with the offending packet dropped and the session will be closed by the
SRX device.
B.
The FTP command will be denied with the offending packet dropped and the rest of the FTP session will be
inspected by the IPS policy.
C.
The FTP command will be allowed to execute and the rest of the FTP session will be ignored by the IPS
policy.
D.
The FTP command will be allowed to execute but any other attacks executed during the session will be
inspected.