A Security Administrator needs to update their NSX Distributed IDS/IPS policy to detect new attacks with critical CVSS scoring that leads to credential theft from targeted systems.
Which actions should you take?
- · Update Distributed IDS/IPS signature database
· Edit your profile from Security > Distributed IDS > Profiles · Select Critical severity, filter on attack type and select Successful Credential Theft Detected · Check the profile is applied in Distributed IDS rules - · Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules · Filter on attack type and select Successful Credential Theft Detected · Update Mode to detect and prevent
· Click on gear icon and change direction to OUT - · Create a new profile from Security > Distributed IDS > Profiles · Select Critical severity, filter on attack type and select Successful Credential Theft Detected · Check the profile is applied In Distributed IDS rules · Monitor Distributed IDS alerts to validate changes are applied
- · Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules · Filter on attack type and select Successful Credential Theft Detected · Update Mode to detect and prevent
· Click on gear icon and change direction to IN-OUT
Answer(s): A
Explanation:
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt_31_ids_ips/GUID-B2D6A7F6-
Reveal Solution Next Question