Re: upgrade question - clarification

Maybe someone can clarify this question:

You receive an alert indicating a suspicious FTP connection is trying to connect to one of your internal hosts. How do you block the connection in real time and verify the connection is successfully blocked?

A - Highlight the suspicious connection in SmartView Tracker > Active mode. Block the connection using the Tools > Block intruder menu. Use the Active mode to confirm that the suspicious connection does not reappear.

C - Highlight the suspicious connection in SmartView Tracker > Active mode. Block the connection using Tools > Block intruder menu. Use Active mode to confirm that the suspicious connection is dropped.

Obviously one of these is correct, because this can only be done in Active mode - but how can you verify that the connection has been successfully dropped? They say A, but the answers aren't very clear and I've also seen the answer set as C. I would have thought that when you block a connection, it disappears from the Active Log view - so A and C could be correct.