Which IPS technique commonly is used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and therefore, reduce noise?
A. attack relevancy
B. target asset value
C. signature accuracy
D. risk rating
Correct Answer: D
Explanation/Reference:
Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper09 00aecd806e7299.html
Risk Rating Calculation
Risk rating is a quantitative measure of your network’s threat level before IPS mitigation. For each event fired by IPS signatures, Cisco IPS Sensor
Software calculates a risk rating number. The factors used to calculate risk rating are:
Signature fidelity rating: This IPS-generated variable indicates the degree of attack certainty. Attack severity rating: This IPS-generated variable indicates the amount of damage an attack can cause.
Target value rating: This user-defined variable indicates the criticality of the attack target. This is the only factor in risk rating that is routinely maintained by the user. You can assign a target value rating per IP address in Cisco IPS Device Manager or Cisco Security Manager. The target value rating can raise or lower the overall risk rating for a network device. You can assign the following target values:
75: Low asset value
100: Medium asset value
200: Mission-critical asset value
Attack relevancy rating: This IPS-generated value indicates the vulnerability of the attack target. Promiscuous deltA. The risk rating of an IPS deployed in promiscuous mode is reduced by the promiscuous delta. This is because promiscuous sensing is less accurate than inline sensing. The promiscuous delta can be configured on a per-signature basis, with a value range of 0 to 30. (The promiscuous delta was introduced in Cisco IPS Sensor Software Version 6.0.) Watch list rating: This IPS-generated value is based on data found in the Cisco Security Agent watch list. The Cisco Security Agent watch list contains IP addresses of devices involved in
Get Latest & Actual 640-554 Exam’s Question and Answers from Passleader.
Explanation/Reference:
Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper09 00aecd806e7299.html
Risk Rating Calculation
Risk rating is a quantitative measure of your network’s threat level before IPS mitigation. For each event fired by IPS signatures, Cisco IPS Sensor
Software calculates a risk rating number. The factors used to calculate risk rating are:
Signature fidelity rating: This IPS-generated variable indicates the degree of attack certainty. Attack severity rating: This IPS-generated variable indicates the amount of damage an attack can cause.
Target value rating: This user-defined variable indicates the criticality of the attack target. This is the only factor in risk rating that is routinely maintained by the user. You can assign a target value rating per IP address in Cisco IPS Device Manager or Cisco Security Manager. The target value rating can raise or lower the overall risk rating for a network device. You can assign the following target values:
75: Low asset value
100: Medium asset value
200: Mission-critical asset value
Attack relevancy rating: This IPS-generated value indicates the vulnerability of the attack target. Promiscuous deltA. The risk rating of an IPS deployed in promiscuous mode is reduced by the promiscuous delta. This is because promiscuous sensing is less accurate than inline sensing. The promiscuous delta can be configured on a per-signature basis, with a value range of 0 to 30. (The promiscuous delta was introduced in Cisco IPS Sensor Software Version 6.0.) Watch list rating: This IPS-generated value is based on data found in the Cisco Security Agent watch list. The Cisco Security Agent watch list contains IP addresses of devices involved in
Get Latest & Actual 640-554 Exam’s Question and Answers from Passleader.
http://www.passleader.com
network scans or possibly contaminated by viruses or worms. If an attacker is found on the watch list, the watch list rating for that attacker is added to the risk rating. The value for this factor is between 0 and 35. (The watch list rating was introduced in Cisco IPS Sensor Software Version 6.0.) Risk rating can help enhance your productivity as it intelligently assesses the level of risk of each event and helps you focus on high-risk events.
