
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

A. Deny the connection inline.
B. Perform a Layer 6 reset.
C. Deploy an antimalware system.
D. Enable bypass mode.

Answer: A

Explanation:

Deny connection inline: This action terminates the packet that triggered the action and any future packets that are part of the same TCP connection. The attacker could open a new TCP session (using different port numbers), which could still be permitted through the inline IPS. This action is available only if the sensor is configured as an IPS.

Source: Cisco Official Certification Guide, Table 17-4 Possible Sensor Responses to Detected Attacks, p.465
