How are Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) components used conjunctively?

IT Questions BankCategory: CCNA SecurityHow are Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) components used conjunctively?

How are Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) components used conjunctively?

  • The IDS blocks offending traffic and the IPS verifies that offending traffic was blocked.
  • The IPS will send alert messages when the IDS sends traffic through that is marked as malicious.
  • The IPS will block all traffic that the IDS does not mark as legitimate.
  • The IDS will send alert messages about “gray area” traffic while the IPS will block malicious traffic.

Explanation: IDS sensors are typically deployed in offline mode. Although they do not stop the triggered packets immediately, they have no impact on network performance and hence can be configured to identify a broader scope of activities. IPS sensors can be configured to perform a packet drop to stop the trigger packet. However, because they are deployed inline, inspection of heavy traffic flow could have a negative impact on network performance. IDS and IPS technologies can complement each other. For example, an IDS can be implemented to validate IPS operation because the IDS can be configured for deeper packet inspection offline. This allows the IPS to focus on fewer but more critical traffic patterns inline.

Exam with this question: CCNA Security Practice Final Exam Answers

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x