Which statement correctly describes the output of the command diagnose ips anomaly list?
A. Lists the configured DoS policy.
B. Lists the real-time counters for the configured DoS policy.
C. Lists the errors captured when compiling the DoS policy.
D. Lists the IPS signature matches.
【Analysis】
【Answer】B
Review the IPS sensor filter configuration shown in the exhibit.
Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two)
A. It does not log attacks targeting Linux servers.
B. It matches all traffic to Linux servers.
C. Its action will block traffic matching these signatures.
D. It only takes effect when the sensor is applied to a policy.
【Analysis】
An IPS sensor must be referenced in a firewall policy before it takes effect.
【Answer】CD
Examine the following log message for IPS:
2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood"
icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50"
Which statements are correct about the above log? (Choose two)
A. The target is 192.168.3.168.
B. The target is 192.168.3.170.
C. The attack was NOT blocked.
D. The attack was blocked.
【Analysis】
src="192.168.3.168" dst="192.168.3.170" shows that the attack goes from 192.168.3.168 to 192.168.3.170. status="detected" shows that the attack was only detected, not blocked.
【Answer】BC