You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address.
What action can you take to allow the user access to the IP address?
A . Create a whitelist and add the appropriate IP address to allow the traffic.
B . Create a custom blacklist to allow the traffic.
C . Create a user based access control rule to allow the traffic.
D . Create a network based access control rule to allow the traffic.
E . Create a rule to bypass inspection to allow the traffic.
Answer: A
Explanation:
Using Security Intelligence Whitelists
In addition to a blacklist, each access control policy has an associated whitelist, which you can also populate with Security Intelligence objects. A policy’s whitelist overrides its blacklist. That is, the system evaluates traffic with a whitelisted source or destination IP address using access control rules, even if the IP address is also blacklisted. In general, use the whitelist if a blacklist is still useful, but is too broad in scope and incorrectly blocks traffic that you want to inspect.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHTSystem-UserGuide- v5401/AC-Secint-Blacklisting.pdf
Leave a Reply