FCSS – Enterprise Firewall Administrator 7.6 — Question 18
You need to install a new intrusion prevention system (IPS) profile without triggering false positives that can impact applications and disrupt normal traffic flow.
How can you prevent false positives on IPS analysis?
Answer options
- A. Use an IPS profile with action default and analyze the applications.
- B. Use the IPS profile extension to select an OS, protocol, and application for all the network internal services and users to prevent false positives.
- C. Use an IPS profile with Scan Outgoing Connections to block botnets, which can create false positives.
- D. Use an IPS profile with action monitor; however, you must be aware that this can compromise network integrity.
Correct answer: B
Explanation
Option B is correct because it lets you select the operating system, protocol, and applications that are relevant to the internal network, which reduces false positives. Option A does not use any specific configuration to prevent false positives, and Option C focuses on blocking botnets without effectively addressing false positives. Option D uses the monitor action, which may help detect issues, but it poses a risk to network integrity and does not prevent false positives.