IPS sample question discussion

ppathiya — Sun, 10 Mar 2019 10:10:10 GMT

I am preparing for IPs and got confused with the below question. Please advise.

Q : A new sensor is generating a great deal of false positive alerts on the web servers. Which two action will help to reduce the amount of the false positives. (choose two)

A. Create a policy that denies attackers inline and filters alert for event with high risk ratings.

B. Lower the severity level of the signatures that are generating the false positives.

C. Lower fildility rating of signatures that are generating the false postives.

D. Raise the Target Value Rating for your web servers.

E. Create a filter that filters out any alert whose target address is that of one of your web servers.

Answers provided : A,D

But I feel "A" & "D" will not do any thing do to reduce the false postive generating and there could be denying of legitimate traffic also.

As per me , Answer should be "B" and "E" .

In fact we should be defining event action over rides (instead of filters), "not to produce alert" for events with lower risk rating.

PLEASE SHARE YOUR VIEWS 🙂

Re: IPS sample question discussion

Fernando_Meza — Tue, 15 Aug 2006 05:44:57 GMT

Hi ... please post your questions to the Career certifications forum !!! they will be able to help you with any questions you need for your exam preparation !!!

topic Re: IPS sample question discussion in Network Security

IPS sample question discussion

Re: IPS sample question discussion