Which option and value pair will allow more specific detection?
View the following exhibit, which contains the sniffer output for a passive mode FTP request.
An administrator has created the following custom IPS signature to block all FTP requests for passive mode:
F-SBID( --attack_id 1002; --name "Block.FTP "; --protocol tcp; --flow from_client; --pattern "PASV"; --no_case; )
Soon after the signature is enabled in an active IPS sensor, some false positive detections are generated.
Which option and value pair will allow more specific detection?
A. --protocol ftp
B. --service ftp
C. --name "Block.FTP.PASV"
D. --attack_id 1001
Answer: B