单项选择题
Which statement about IDS/IPS design is correct?()
A. An IPS should be deployed if the security policy does not support the denial of traffic.
B. An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.
C. An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.
D. Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.
相关考题
-
单项选择题
Users at the Charleville Company began experiencing high network delays when Internet connectivity was enabled for all users. After investigating the traffic flow, you determine that peerto-peer traffic from a music download site is consuming a large amount of bandwidth. Which QoS mechanism can you implement to improve the network response time?()
A. Use CBWFQ to queue the peer-to-peer traffic into the default traffic class.
B. Use class-based WRED to randomly drop the peer-to-peer traffic during network congestions.
C. Use class-based policing to limit the peer-to-peer traffic rate.
D. Use class-based shaping to delay any excessive peer-to-peer traffic. -
单项选择题
Which design topology incurs a performance penalty since there are two encryption-decryption cycles between any two remote sites?()
A. peer-to-peer
B. partial mesh
C. hub and spoke
D. full mesh -
多项选择题
The Schuyler and Livingston Iron Works has been working on getting its network security under control. It has set up VPN with IPSec links to its suppliers. It has installed network vulnerability scanners to proactively identify areas of weakness, and it monitors and responds to security events as they occur. It also employs extensive access control lists, stateful firewall implementations, and dedicated firewall appliances. The company has been growing very fast lately and wants to make sure it is up to date on security measures.Which two areas of security would you advise the company to strengthen? ()
A. intrusion protection
B. identity
C. secure connectivity
D. security management
