When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
A . Deny the connection inline.
B . Perform a Layer 6 reset.
C . Deploy an antimalware system.
D . Enable bypass mode.

View Answer

Answer: A

Explanation:

Deny connection inline: This action terminates the packet that triggered the action and future packets that are part of the same TCP connection. The attacker could open up a new TCP session (using different port numbers), which could still be permitted through the inline IPS. Available only if the sensor is configured as an IPS.

Source: Cisco Official Certification Guide, Table 17-4 Possible Sensor Responses to Detected Attacks, p.465