Which IPS feature is less secure than the other option but permits better throughput?
A. Promiscuous
B. Other option
Correct Answer: A
Explanation/Reference:
Operating Modes
You can send traffic to the IPS module using one of the following modes:
• Inline mode—This mode places the IPS module directly in the traffic flow (see Figure 59-1). No traffic that you identified for IPS inspection can continue through the ASA without first passing through, and being inspected by, the IPS module. This mode is the most secure because every packet that you identify for inspection is analyzed before being allowed through. Also, the IPS module can implement a blocking policy on a packet-by-packet basis. This mode, however, can affect throughput.
• Promiscuous mode—This mode sends a duplicate stream of traffic to the IPS module. This mode is less secure, but has little impact on traffic throughput. Unlike the inline mode, in promiscuous mode the IPS module can only block traffic by instructing the adaptive ASA to shun the traffic or by resetting a connection on the ASA. Also, while the IPS module is analyzing the traffic, a small amount of traffic might pass through the adaptive ASA before the IPS module can shun it. Figure 59-2 shows the IPS module in promiscuous mode. In this example, the IPS module sends a shun message to the ASA for traffic it identified as a threat.
Link: https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ips.html