
Explanation/Reference:
Section: Considerations for Expanding an Existing Network
Explanation:
Promiscuous mode enables Cisco Intrusion Prevention System (IPS) to examine traffic on ports from multiple network segments without being directly connected to those segments. Copies of traffic are forwarded to IPS for analysis instead of flowing through IPS directly. Therefore, promiscuous mode increases detection latency: the time IPS takes to determine whether a network attack is in progress can be greater in promiscuous mode than when IPS is operating in inline mode, and the greater latency gives an attack a greater chance of success before it is detected.
IPS can use all of the following actions to mitigate a network attack in promiscuous mode:
Request block host: causes IPS to send a request to the Attack Response Controller (ARC) to block all communication from the attacking host for a given period of time
Request block connection: causes IPS to send a request to the ARC to block the specific connection from the attacking host for a given period of time
Reset TCP connection: clears Transmission Control Protocol (TCP) resources so that normal TCP network activity can be established
IPS in promiscuous mode requires Remote Switched Port Analyzer (RSPAN). RSPAN enables the monitoring of traffic on a network by capturing traffic on a source port on one device and sending it to a destination port on a different device across a non-routed (Layer 2) path. Inline mode enables IPS to examine traffic as it flows through the IPS device. Therefore, the IPS device must be directly connected to the network segment that it is intended to protect: any traffic that should be analyzed by IPS must be destined for a host that is separated from the source by the IPS device.
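As an added example (not from the cert guide or the Cisco reference), the following Cisco IOS switch configuration delivers RSPAN copies of a monitored port to a sensor in promiscuous mode. The RSPAN VLAN number (900) and the interface names are assumptions for this illustration; the sensor's sniffing interface hangs off the destination switch and never carries forwarded traffic itself.

```cisco
! Source switch: the segment being monitored is on GigabitEthernet1/0/1
! (VLAN 900 and the interface names are assumed for this example)
vlan 900
 name RSPAN-to-IPS
 remote-span
!
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination remote vlan 900
!
! Destination switch: the IPS sensing interface is on GigabitEthernet1/0/24
vlan 900
 name RSPAN-to-IPS
 remote-span
!
monitor session 1 source remote vlan 900
monitor session 1 destination interface GigabitEthernet1/0/24
```

The RSPAN VLAN must be allowed on every trunk between the two switches, and "show monitor session 1" on each switch confirms the session is active. Because the sensor only receives copies, the actions available to it are the promiscuous-mode ones listed above (block requests to the ARC and TCP resets), which is why its response lags behind that of an inline sensor.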
IPS can use all of the following actions to mitigate a network attack in inline mode:
Deny attacker inline: directly blocks all communication from the attacking host
Deny attacker service pair inline: directly blocks communication between the attacker and a specific port
Deny attacker victim pair inline: directly blocks communication that occurs on any port between the attacker and a specific host
Deny connection inline: directly blocks communication for a specific TCP session
Deny packet inline: directly blocks the transmission of a specific type of packet from an attacking host
Modify packet inline: allows IPS to change or remove the malicious contents of a packet
IPS in inline mode mitigates attacks for 60 minutes by default. IPS in promiscuous mode mitigates attacks for 30 minutes by default. However, the mitigation effect time for both inline mode and promiscuous mode can be configured by an IPS administrator.
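As an added example (not from the cert guide or the Cisco reference), the following sensor CLI session shows where the event actions above are enabled as risk-rating-based overrides and where the default mitigation durations are changed. It assumes Cisco IPS 7.x sensor CLI syntax, the default event-action-rules instance rules0 and a risk-rating threshold of 90; the exact keywords should be confirmed against the sensor's own context-sensitive help, and the lines beginning with "!" are annotations rather than typed commands.

```cisco
! Assumed: Cisco IPS 7.x sensor CLI, default rules instance rules0
sensor# configure terminal
sensor(config)# service event-action-rules rules0
!
! Override for inline sensing: add deny-attacker-inline to any event
! whose risk rating is 90 or higher (only effective on an inline interface pair)
sensor(config-eac)# overrides deny-attacker-inline
sensor(config-eac-ove)# override-item-status enabled
sensor(config-eac-ove)# risk-rating-range 90-100
sensor(config-eac-ove)# exit
!
! Equivalent override for promiscuous sensing: ask the ARC to block the host
sensor(config-eac)# overrides request-block-host
sensor(config-eac-ove)# override-item-status enabled
sensor(config-eac-ove)# risk-rating-range 90-100
sensor(config-eac-ove)# exit
!
! Mitigation durations: deny-attacker-duration is in seconds (default 3600 = 60 min,
! the inline default quoted above); block-action-duration is in minutes (default 30,
! the promiscuous default). Both are shortened to 15 minutes here as an illustration.
sensor(config-eac)# general
sensor(config-eac-gen)# deny-attacker-duration 900
sensor(config-eac-gen)# block-action-duration 15
sensor(config-eac-gen)# exit
sensor(config-eac)# exit
```

On leaving the service submode the sensor prompts to apply the changes. Shortening the durations reduces how long a false positive keeps a legitimate host blocked, at the cost of re-triggering the action if the attacker persists; the risk-rating range keeps the automatic deny or block actions away from low-confidence events.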
Reference:
CCDA 200-310 Official Cert Guide, Chapter 13, IPS/IDS Fundamentals, pp. 534-535
Cisco: Cisco IPS Mitigation Capabilities: Event Actions