Exam4Training

Which of these does the analyst implement to meet the above requirement?

A security analyst uses Use Case Manager > Active Rules and detects which TOP rule-generating offenses are triggered due to inbound traffic that is dropped by the firewall. The company decides that the rule should only trigger only when there are firewall permit events.

Which of these does the analyst implement to meet the above requirement?
A . Open Rule Wizard add a test condition > and when the context is Local to Local, Local to Remote
B . Open Rule Wizard add a test condition > and when an event matches any of the following BB:CategoryDefinition: Firewall or ACL Accept
C . Open Rule Wizard add a test condition > and NOT when an event matches any of the following BB:CategoryDefinition: Firewall or ACL Accept
D . Open Rule Wizard add a test condition > and when the event category for the event is one of the following Access.Misc Application Action Denied

Answer: B

Exit mobile version