Refer to the Exhibit.
— Exhibit —
[edit security idp]
user@srx# show | no-more
idp-policy basic {
    rulebase-ips {
        rule 1 {
            match {
                from-zone untrust;
                source-address any;
                to-zone trust;
                destination-address any;
                application default;
                attacks {
                    custom-attacks data-inject;
                }
            }
            then {
                action {
                    recommended;
                }
                notification {
                    log-attacks;
                }
            }
        }
    }
}
active-policy basic;
custom-attack data-inject {
    recommended-action close;
    severity critical;
    attack-type {
        signature {
            context mssql-query;
            pattern "SELECT * FROM accounts";
            direction client-to-server;
        }
    }
}
— Exhibit —
You have configured the custom attack signature shown in the exhibit. This configuration is valid,
but you want to improve the efficiency and performance of your IDP.
Which two commands should you use? (Choose two.)
A. set custom attack data-inject recommended-action drop
B. set custom-attack data-inject attack-type signature protocol-binding tcp
C. set idp-policy basic rulebase-ips rule 1 match destination-address webserver
D. set idp-policy basic rulebase-ips rule 1 match application any
Explanation:
B is right (JIPS book, chapter 5, page 20).
C is right regarding “specify the direction”.