What are some measures you can take to prevent IPS false positives?
A. Exclude problematic services from being protected by IPS (sip, H.323, etc.)
B. Use IPS only in Detect mode
C. Use Recommended IPS profile
D. Capture packets, Update the IPS database, and Back up custom IPS files
I agree – I looked it up and was a little surprised.
“Take the following measure s to prevent false positives:
• Import Snort signatures
• Back up custom IPS files
• Update the IPS database
• Import IPS profiles
• Capture packets
• Analyze advanced SmartEvent
• Configure Geo Protections”
according to book correct answer is D