With which preprocessor do you detect incomplete TCP handshakes?
A. Rate based prevention
B. Port scan detection
C. Other
D. Other
Correct Answer: A
Explanation/Reference:
Rate-based attack prevention identifies abnormal traffic patterns and attempts to minimize the impact of that traffic on legitimate requests. Rate-based attacks usually have one of the following characteristics:
+ any traffic containing excessive incomplete connections to hosts on the network, indicating a SYN flood attack
+ any traffic containing excessive complete connections to hosts on the network, indicating a TCP/IP connection flood attack
+ excessive rule matches in traffic going to a particular destination IP address or addresses or coming from a particular source IP address or addresses
+ excessive matches for a particular rule across all traffic
http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Intrusion-Threat-Detection.html
B
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Intrusion-Threat-Detection.html