NSE 7 — Enterprise Firewall — Question 51

You want to block access to the website www.eicar.org using a custom IPS signature.

Which custom IPS signature should you configure?

Answer options

• A. F-SBID ( --name “detect_eicar”; --protocol udp; --service ssl; --flow from_client; --pattern “www.eicar.org”; --no_case; --context host;)
• B. F-SBID ( --name “eicar”; --protocol udp; --flow from_server; --pattern “eicar”; --context host;)
• C. F-SBID ( --name “detect_eicar”; --protocol tcp; --service dns; --flow from_server; --pattern “eicar”; --no_case;)
• D. F-SBID ( --name “eicar”; --protocol tcp; --service HTTP; --flow from_client; --pattern “www.eicar.org”; --no_case; --context host;)

Correct answer: D

Explanation

Option D is correct because it uses the TCP protocol and HTTP service to match the full www.eicar.org pattern and block it from client access, which is necessary for web traffic. Other options either use the wrong protocol, service, or flow direction that would not effectively block access to the website.