Which IDS/IPS signature alarm will look for packets that are destined to or from a particular port?
- honey pot-based
- anomaly-based
- signature-based
- policy-based
Explanation: Cisco IDS and IPS sensors can use four types of signature alarms or triggers:
- Pattern-based detection – also known as signature-based detection, searches for a specific and pre-defined pattern. In most cases, the pattern is matched to the signature only if the suspect packet is associated with a particular service or destined to or from particular ports.
- Anomaly-based detection – also known as profile-based detection, involves first defining a profile of what is considered normal for the network or host. After defining normal activity, the signature triggers an action if excessive activity occurs beyond a specified threshold that is not included in the normal profile.
- Policy-based detection – also known as behavior-based detection, is similar to pattern-based detection, but instead of trying to define specific patterns, the administrator defines behaviors that are suspicious based on historical analysis.
- Honey pot-based detection – uses a dummy server to attract attacks.
Exam with this question: CCNA Security Final Exam Answers
Exam with this question: CCNA Security Pretest Exam Answers