

Question 41 Discussion

You applied a block-all intrusion prevention system (IPS) profile for client and server targets to secure the server, but the database team reported that applications stopped working immediately after. How can you apply IPS in a way that ensures it does not disrupt existing applications in the network? (Choose one answer)

  • A. Limit the IPS profile to server targets only and set the action to default.
  • B. Select flow mode in the IPS profile and monitor the application patterns.
  • C. Use an IPS profile with all signatures in monitor mode and verify patterns before blocking.
  • D. Set the IPS profile signature action to default and verify patterns.

Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



Adam 2026-01-19 12:25:01

Selected Answers: C


From Study Guide:
If you encounter a scenario where an IPS signature blocks your native traffic and an application that you are using is considered hostile, you should set the Action to Monitor, at the top of your rules.

A and D are wrong because the default action is "Block" for some signatures and "Pass" for other signatures, so there are still potential false positives.
B is wrong because IPS always uses flow-based inspection, so there's no option to select flow mode because it's the only one.