FCSS – Enterprise Firewall Administrator 7.4 — Question 18
An administrator applied a block-all IPS profile for client and server targets to secure the server, but the database team reported the application stopped working immediately after.
How can an administrator apply IPS in a way that ensures it does not disrupt existing applications in the network?
Answer options
- A. Use an IPS profile with all signatures in monitor mode and verify patterns before blocking.
- B. Limit the IPS profile to server targets only to avoid blocking connections from the server to clients.
- C. Select flow mode in the IPS profile to accurately analyze application patterns.
- D. Set the IPS profile signature action to default to discard all possible false positives.
Correct answer: A
Explanation
The correct answer is A: with all signatures in monitor mode, the IPS profile lets the administrator analyze potential threats without immediately blocking traffic, which prevents disruption to applications, and the patterns can be verified before blocking is enabled. Options B and C limit the scope of protection and may still miss important threats, while option D blindly discards traffic, which could lead to legitimate traffic being blocked and applications failing.