Cisco Support Community

IPS sample question discussion

Hi

I am preparing for IPS and got confused by the question below. Please advise.

Q: A new sensor is generating a great deal of false positive alerts on the web servers. Which two actions will help to reduce the amount of false positives? (Choose two.)

A. Create a policy that denies attackers inline and filters alerts for events with high risk ratings.

B. Lower the severity level of the signatures that are generating the false positives.

C. Lower the fidelity rating of signatures that are generating the false positives.

D. Raise the Target Value Rating for your web servers.

E. Create a filter that filters out any alert whose target address is that of one of your web servers.

Answers provided: A, D

But I feel "A" and "D" will not do anything to reduce the false positives being generated, and there could be denial of legitimate traffic also.

As per me, the answer should be "B" and "E".

In fact, we should be defining event action overrides (instead of filters), "not to produce alert", for events with lower risk rating.

PLEASE SHARE YOUR VIEWS :-)

1 REPLY

Re: IPS sample question discussion

Hi ... please post your questions to the Career Certifications forum! They will be able to help you with any questions you need for your exam preparation!
