200-201 Question #310: Real Exam Question with Answer & Explanation
The correct answer is C: IPS.
Question
Refer to the exhibit. A company's user HTTP connection to a malicious site was blocked according to configured policy. What is the source technology used for this measure?
Options
- A. network application control
- B. firewall
- C. IPS
- D. web proxy
Explanation
The exhibit shows a rule written in the format used by intrusion detection and prevention systems like Snort or Suricata. The rule uses keywords such as alert, sid (signature ID), and classtype, which are characteristic of IPS/IDS signatures. The rule is designed to detect and block specific attack patterns in HTTP traffic (in this case, a Chrome XSSAuditor bypass attempt). The drop action in the metadata and the detailed pattern matching are typical of IPS functionality, which can actively block malicious traffic.
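The keyword pattern the explanation relies on (a header action such as alert or drop, then options such as sid and classtype) can be checked mechanically. The parser below is an added example, not code from the exam page; the two rules, the names parse_rule, BLOCKING_ACTIONS and the rule text are constructed for illustration.

```python
import re

# Actions a Snort/Suricata rule may begin with. Only the blocking ones
# make the engine act as an IPS; 'alert' on its own only generates an event.
RULE_ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop",
                "rejectsrc", "rejectdst", "rejectboth"}
BLOCKING_ACTIONS = {"drop", "reject", "sdrop", "rejectsrc", "rejectdst", "rejectboth"}

# action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$",
    re.S,
)

# Constructed sample rules (not the exhibit from the exam question).
IDS_RULE = ('alert http $EXTERNAL_NET any -> $HOME_NET any ('
            'msg:"CONSTRUCTED web attack sample"; flow:established,to_server; '
            'content:"<script"; http_uri; nocase; '
            'classtype:web-application-attack; sid:1000001; rev:1;)')
IPS_RULE = IDS_RULE.replace("alert http", "drop http", 1).replace("sid:1000001", "sid:1000002")


def parse_rule(rule: str) -> dict:
    """Split a Snort/Suricata rule into header fields plus an options dict."""
    m = HEADER_RE.match(rule.strip())
    if not m or m.group("action") not in RULE_ACTIONS:
        raise ValueError("not a Snort/Suricata rule")
    rec = m.groupdict()
    opts = {}
    # Split on ';' only outside double quotes (even number of quotes ahead).
    for opt in re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', rec.pop("opts")):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")          # keyword-only options get val == ""
        opts.setdefault(key.strip(), []).append(val.strip().strip('"'))
    rec["options"] = opts
    rec["sid"] = int(opts["sid"][0]) if "sid" in opts else None
    rec["classtype"] = opts.get("classtype", [None])[0]
    # True when the rule tells an inline engine to block, i.e. IPS behaviour.
    rec["blocks"] = rec["action"] in BLOCKING_ACTIONS
    return rec
```

Note that an alert rule stays detect-only even on a sensor deployed inline; blocking comes from a drop or reject action (or an engine-level action override), which is why the explanation points at the drop action.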