Cisco Exam 350-201 Topic 9 Question 64 Discussion

Actual exam question for Cisco's 350-201 exam

Question #: 64
Topic #: 9

Refer to the exhibit.

IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?

ABlock list of internal IPs from the rule

BChange the rule content match to case sensitive

CSet the rule to track the source IP

DTune the count and seconds threshold of the rule

Show Suggested Answer

Suggested Answer: C

by Lashandra at Jan 04, 2023, 01:25 PM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Verda

4 days ago

Option B? Seriously? Making the rule case-sensitive? That's like trying to put out a fire with gasoline.

upvoted 0 times

...

Aide

24 days ago

I'd go with Option C. Tracking the source IP seems like a more targeted approach than just blocking a list of internal IPs.

upvoted 0 times

Daryl

3 days ago

User2: I agree, tracking the source IP would be more effective.

upvoted 0 times

...

Magda

11 days ago

User1: I think Option C is the best choice.

upvoted 0 times

...

Gary

25 days ago

Option D looks like the way to go. Tuning the count and seconds threshold could help filter out those pesky false positives without blocking legitimate traffic.

upvoted 0 times

...