Exam 350-201 topic 1 question 39 discussion

Actual exam question from Cisco's 350-201
Question #: 39
Topic #: 1

An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?

  • A. Move the IPS to after the firewall facing the internal network
  • B. Move the IPS to before the firewall facing the outside network
  • C. Configure the proxy service on the IPS
  • D. Configure reverse port forwarding on the IPS
Suggested Answer: B

Comments

Bobster02
Highly Voted 3 years, 5 months ago
Selected Answer: B
Move the IPS to before the firewall facing the outside network.
upvoted 7 times
...
TrainingTeam
Most Recent 6 months, 2 weeks ago
Selected Answer: B
Moving the Intrusion Prevention System (IPS) before the firewall facing the outside network is a strategic action to harden the network. This placement allows the IPS to analyze and filter incoming traffic before it reaches the firewall, providing an additional layer of security. By positioning the IPS externally, it can prevent malicious traffic from ever reaching the internal network devices, thus reducing the number of false positives generated by trusted IP addresses and internal devices.
upvoted 1 times
...
DrVoIP
2 years, 2 months ago
Based on the given scenario, the recommended action to harden the network would be to move the IPS to after the firewall facing the internal network. This is because the incident log showed that the alerts were from trusted IP addresses and internal devices, which implies that the alerts were not related to any external attacks. By moving the IPS after the firewall facing the internal network, it will help to reduce the number of false positives from trusted sources and improve the accuracy of intrusion detection. - ChatGPT
upvoted 1 times
...
kyle942
2 years, 6 months ago
IDS/IPS should be in place before the firewall as a filter before the traffic ever hits the firewall. The main reason for this is to save resources for the firewall since the IDS/IPS, if active, will prevent many types of malicious traffic and attacks before the firewall is ever hit. Filter closest to the source. The goal with IDS/IPS is to filter incoming traffic, even though it is effective for outgoing traffic also.
upvoted 1 times
...
TOLU1985
2 years, 7 months ago
Selected Answer: B
B is the right answer.
upvoted 1 times
...