JNCIS-ENT: Juniper Networks Certified Specialist – Enterprise Routing and Switching (2022) — Question 22
What are two ways to help reduce false positives for an IDP rule? (Choose two.)
Answer options
- A. Change the rule to a lower severity action.
- B. Remove the attack object from the rule.
- C. Create an exempt rule.
- D. Configure a terminal rule at the end of the rule base.
Correct answer: A, C
Explanation
Changing the rule to a lower severity action helps reduce false positives by making the rule less sensitive to benign traffic. Creating an exempt rule allows certain traffic to bypass the IDP, which minimizes false alarms. Removing the attack object or configuring a terminal rule may not effectively address false positives, as alerts could still be triggered under certain conditions.