What information must an IPS track in order to detect attacks matching a composite signature?

What information must an IPS track in order to detect attacks matching a composite signature?

• the total number of packets in the attack
• the attacking period used by the attacker
• the network bandwidth consumed by all packets
• the state of packets related to the attack

Explanation: A composite signature is called a stateful signature. It identifies a sequence of operations distributed across multiple hosts over an arbitrary period of time. Because this type of attack involves multiple packets, an IPS sensor must maintain the state information. However, an IPS sensor cannot maintain the state information indefinitely. A composite signature is configured with a time period to maintain the state for the specific attack when it is first detected. Thus, an IPS may not be able to maintain all the information related to an attack such as total number of packets, total length of attack time, and the amount of bandwidth consumed by the attack.

Exam with this question: CCNA Security Chapter 5 Exam Answers
Exam with this question: Network Security ( Version 1) - Network Security 1.0 Modules 11-12: Intrusion Prevention Group Exam Answers
Exam with this question: CCNA Security Final Exam (CCNAS v1.2)