12.1.6 Check Your Understanding – IPS Signature Actions Answers

1. Which action logs the IP address from a malicious source only and sends an alert?

  • request block host
  • drop or prevent the activity
  • log attacker packets
  • deny connection inline
  • reset a TCP connection

Explanation: The log attacker packets action logs the attacker IP address and sends an alert.

2. Which action terminates a malicious packet only?

  • request drop host
  • request block trap
  • deny packet inline
  • log attacker packets
  • reset a TCP connection

Explanation: The deny packet inline action drops a malicious packet only.

3. Which action makes the IPS device send TCP resets to hijack and terminate a TCP flow?

  • block future activity
  • drop or prevent the activity
  • deny packets inline
  • log pair packets
  • reset TCP connection

Explanation: The reset TCP connection action generates a packet for the connection with a special flag set.

Notify of

Inline Feedbacks
View all comments