350-201(NEW-127Q) Question #112: Real Exam Question with Answer & Explanation

Intrusion Detection and Prevention

Question

Refer to the exhibit.

rule id 100
event type tcp
event action alert
source address any
destination address any
source port any
destination port 80
protocol tcp

The rule is configured to alert on any TCP traffic to or from port 80. However, it is causing false positives because it is also triggering on legitimate traffic, such as web browsing traffic. What should an engineer recommend?

Options

  • A. Add the rule to only alert traffic that matches a specific signature.
  • B. Filter out the false positives manually.
  • C. Reconfigure the rule to only alert traffic from specific IP addresses or ranges.
  • D. Disable the rule.

Topics

#IDS/IPS Rules #False Positive Tuning #Rule Scoping #Network Security Monitoring