When tuning an IPS, which three determinations should help you decide whether a rule should be disabled?

When tuning an IPS, which three determinations should help you decide whether a rule should be disabled? (Choose three.)

Question:

When tuning an IPS, which three determinations should help you decide whether a rule should be disabled?

Options:

Does the alert occur frequently?

Does the alert generate a true positive condition?

If the alert is not a security incident, does it offer valuable information?

Does the alert pertain to your network environment?

Correct Answer

The Correct Answer for this Question is

Does the alert generate a true positive condition?
If the alert is not a security incident, does it offer valuable information?
Does the alert pertain to your network environment?

Leave a Comment