Check Point Certified Cloud Specialist (CCCS) R82 — Question 8
What are some measures you can take to prevent IPS false positives?
Answer options
- A. Exclude problematic services from being protected by IPS (sip, H.323, etc.)
- B. Use IPS only in Detect mode
- C. Use Recommended IPS profile
- D. Capture packets, Update the IPS database, and Back up custom IPS files
Correct answer: D
Explanation
Option D is correct because it combines proactive steps that improve the IPS's effectiveness by ensuring it has the most current data and configurations. Options A and B could lead to vulnerabilities: excluding services or using only Detect mode does not address the root cause of false positives. Option C may not be tailored enough to a specific environment, making it less effective than the comprehensive approach in D.