SNCF — Securing Networks with Firepower — Question 177

A company is deploying a Cisco Secure IPS device configured in inline mode with a single Interface set that contains four interface pairs. Which two configurations must be implemented to allow the IPS device to uniquely identify packet flows and prevent the reporting of duplicate traffic and false positives? (Choose two.)

Answer options

• A. Set the source SPAN ports to tx only on the switches connected to the IPS interfaces
• B. Modify the security zones used by the Cisco Secure IPS device
• C. Change the MTU for the inline set to at least 1518
• D. Reconfigure access rules to drop all but the first occurrence of the packet
• E. Reassign the interface pairs to separate inline sets

Correct answer: B, E

Explanation

The correct options, B and E, are essential for the IPS device to function effectively. Modifying the security zones allows for better traffic categorization, while reassigning interface pairs to separate inline sets helps to avoid confusion between different flows, thereby minimizing the risk of duplicate traffic and false positives. The other options either do not address the identification of packet flows or are not necessary for preventing duplicates.