A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?
A. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the “Drop when inline” option.
B. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the “Drop when inline” option.
C. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the “Drop when inline” option.
D. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the “Drop when inline” option.
Let me rephrase each option:
A. checking the “Drop when inline” option configures the system in IPS mode
B. unchecking the “Drop when inline” option configures the system in IPS mode
C. checking the “Drop when inline” option configures the system in IDS mode
D. unchecking the “Drop when inline” option configures the system in IDS mode
Option A itself is correct but does not meet the question's requirement.
Option B is wrong.
Option C is wrong.
Option D is correct and meets the question's requirement.
Curse Cisco and their semantic pitfalls.
I think you start with a neutral inspection policy. Then, the keyword is "by": By unchecking "drop when inline" in the inspection policy, you create an IDS policy, instead of an IPS policy.
So I choose D
But that could be wrong, depending on how Cisco want to interpret things...
I think B is correct, since in Cisco terminology there's no IDS deployment, only IPS deployment for FTD.
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/getting_started_with_intrusion_policies.html?bookSearch=true#concept_D1F1CDE29BDE4ACF9F254D8E5F1D518D
Also, the drop option does exist too; it has to be unchecked:
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/getting_started_with_intrusion_policies.html?bookSearch=true#ID-2231-0000003d
IDS = Intrusion Detection System
IPS = Intrusion Prevention System
Doesn't this ^ pretty much say it all? One detects and one prevents. This is a classic example of a Cisco trip-you-up question. Its purpose is not to test whether or not you know and understand a concept. No... its purpose is to present you with designed, indecipherable ambiguity in an effort to collect another $300.
Welcome to Cisco Trivia Game, where each game costs $300! I think it's D because we are creating an IDS-behaving policy by deselecting the drop when inline option on the policy. Semantics are making Cisco too much money. I don't know if it's technically called IDS or still IPS mode when you disable the drop when selected checkbox? I cannot find definitive documentation that calls it out.
I would go for the IDS > unchecking... but then I saw the question... it is definitely IPS > unchecking... Cisco questions - you have to love them... then they wonder why we are going to ExamTopics :)
tinyJoe (4 weeks ago)
Stevens0103 (5 months ago)
Stevens0103 (5 months ago)
z6st2a1jv (8 months, 1 week ago)
bassfunk (11 months, 2 weeks ago)
Dreng65 (1 year ago)
trudint (1 year, 1 month ago)
THEODORABLE (1 year, 2 months ago)
Bbb78 (1 year, 1 month ago)