Which statement concerning IPS is false?
A. IPS packages contain an engine and signatures used by both IPS and other flow-based scans.
B. One-arm topology with sniffer mode improves performance of IPS blocking.
C. IPS can detect zero-day attacks.
D. The status of the last service update attempt from FortiGuard IPS is shown on System>Config>FortiGuard and in output from ‘diag autoupdate version’.
D is false; it’s System>FortiGuard, not System>Config>FortiGuard.
It’s A and B.
B
One-arm has better performance compared to NAT mode. C looks wrong to me. IPS is signature-based and therefore cannot detect zero-day theoretically. Even Check Point and Palo Alto state the same thing on their sandbox.
Yep, B looks false
A is false
B is false