Which option and value pair will allow more specific detection?

FCSS_EFW_AD-7.4 0 Comments

View the following exhibit, which contains the sniffer output for a passive mode FTP request.

An administrator has created the following custom IPS signature to block all FTP requests for passive mode: F-SBID (–attack_id 1002; –name "Block.FTP "; –protocol tcp; –flow from_client; –pattern "PASV"; –no_case;) Soon after the signature is enabled in an active IPS sensor, some false positive detections are generated.

Which option and value pair will allow more specific detection?
A . –protocol ftp
B . –service ftp
C . –name "Block.FTP.PASV"
D . –attack_id 1001

Answer: B

Latest FCSS_EFW_AD-7.4 Dumps Valid Version with 210 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download FCSS_EFW_AD-7.4 PDF     FCSS_EFW_AD-7.4 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments