A security specialist configures an IPS so that it will generate an alert when an attack is first detected. Alerts for the subsequent detection of the same attack are suppressed for a pre-defined period of time. Another alert will be generated at the end of the period indicating the number of the attack detected. Which IPS alert monitoring mechanism is configured?
- composite alert
- atomic alert
- correlation alert
- summary alert
Explanation: Alerts generated by an IPS should be monitored closely to ensure proper actions are taken against malicious attacks. IPS solutions incorporate two types of alerts, atomic alerts and summary alerts. Atomic alerts are generated every time a signature triggers. A summary alert is a single alert that indicates multiple occurrences of the same signature from the same source address or port. With a summary alter, the first detection of the attack triggers a normal alert. Subsequent detection of the same attack is counted until the end of the signature summary interval. When the length of time specified by the summary interval has elapsed, a summary alarm is sent, indicating the number of alarms that occurred during the time interval.
Exam with this question: CCNA Security Chapter 5 Exam Answers
Exam with this question: CCNA Security Certification Practice Exam Answers
Please login or Register to submit your answer