Refer to the exhibit. Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit. What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?
A.
Traffic matching the signature will be allowed and logged.
B.
The signature setting uses a custom rating threshold.
C.
The signature setting includes a group of other signatures.
D.
Traffic matching the signature will be silently dropped and logged.
See page 245 in the Study guide.
Action set to block, is the action the IPS Filter will take for the IPS signatures added in the list. "Select Block to silently drop traffic matching any of the signatures included in the entry".
D is correct. The action is set to Block at the top of the configuration setting. If it was set to default then the default action underneath for each signature will apply.
I got confused with the IPS Signature Action "Pass". I see Rate-based setting is set to "Default". After many loging fail I guess that action is going to be logged as an action "blocked" when exceed the amount of retries. Am I wrong?
Nope, the action in the signature list is block (top of the screenshot). It would be A if the action was default or allow, but the action of all the signatures that will be added to this list is going to be block.
upvoted 3 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
truserud
1 week, 3 days agosxcap
2 months, 2 weeks agovuhidus
3 months, 1 week agoJRKhan
3 months, 2 weeks agos4mu3l007
3 months, 4 weeks agodumpz
5 months agomiguelmagr
5 months agoyoula5
5 months agoGopiChandMurari
5 months, 2 weeks agoKnocks
5 months, 2 weeks ago