Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 72

An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?

Answer options

• A. Move the IPS to after the firewall facing the internal network
• B. Move the IPS to before the firewall facing the outside network
• C. Configure the proxy service on the IPS
• D. Configure reverse port forwarding on the IPS

Correct answer: B

Explanation

Moving the IPS before the firewall facing the outside network allows it to analyze and filter traffic before it reaches the internal network, thereby enhancing security. The other options do not effectively address the issue of detecting potential threats from external sources or may compromise the network's integrity.