Designing Cisco Network Service Architectures (ARCH, legacy) — Question 38

What added enforcement feature is available on IDS-based devices to terminate active malicious traffic?

Answer options

• A. Signature detection
• B. SNMP alert
• C. TCP reset
• D. Layer 4 filtering

Correct answer: A

Explanation

The correct answer is A, as signature detection allows IDS devices to identify and respond to known threats actively. Options B and C do not provide direct termination of traffic; B is primarily for notifications, and C is related to TCP session management but not exclusive to IDS features. D, Layer 4 filtering, is more about controlling packets rather than specifically terminating malicious traffic.