Home » Cisco » 210-260 v.2 » Which FirePOWER preprocessor engine is used to prevent SYN attacks?
Which FirePOWER preprocessor engine is used to prevent SYN attacks?
A. Rate-Based Prevention
B. Portscan Detection
C. IP Defragmentation
D. Inline Normalization
Correct Answer: A
Explanation/Reference:
The detection_filter keyword and the thresholding and suppression features provide other ways to filter either the traffic itself or the events that the system generates. You can use rate-based attack prevention alone or in any combination with thresholding, suppression, or the detection_filter keyword to prevent SYN attacks.
Reference: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Intrusion-Threat-Detection.html#10682
Rate-Based Prevention Preprocessor. FirePOWER IPS preprocessor that detects traffic abnormalities based on teh frequency of certain types of traffic such as excessive complete or incomplete TCP connections, excessive rule matches for a particular IP address.
1. FirePOWER IPS preprocessor that detects traffic abnormalities based on teh frequency of certain types of traffic such as excessive complete or incomplete TCP connections, excessive rule matches for a particular IP address