FCSS – Enterprise Firewall Administrator 7.4 — Question 7
An administrator needs to install an IPS profile without triggering false positives that can impact applications and cause problems with the user's normal traffic flow.
Which action can the administrator take to prevent false positives on IPS analysis?
Answer options
- A. Use the IPS profile extension to select an operating system, protocol, and application for all the network internal services and users to prevent false positives.
- B. Enable Scan Outgoing Connections to avoid clicking suspicious links or attachments that can deliver botnet malware and create false positives.
- C. Use an IPS profile with action monitor; however, the administrator must be aware that this can compromise network integrity.
- D. Install missing or expired SSL/TLS certificates on the client PC to prevent expected false positives.
Correct answer: C
Explanation
The correct choice is C: an IPS profile with action monitor observes potential threats without taking immediate action on the traffic, which helps reduce false positives while still keeping an eye on traffic. Options A, B, and D do not specifically address false positives in the context of IPS analysis; they either have no direct impact on preventing them or could lead to other issues.