Custom IPS Signature for Vulnerable Web Application | Cisco Exam 400-251

Creating a Custom IPS Signature for "/runscript.php" URI

Prev Question Next Question


Which signature engine is used to create a custom IPS signature on a Cisco IPS appliance that triggers when a vulnerable web application identified by the "/ runscript.php" URI is run?



Click on the arrows to vote for the correct answer

A. B. C. D. E. F.


The correct answer to this question is option F: Multi-String.

The Cisco IPS (Intrusion Prevention System) appliance provides various signature engines to detect and prevent network-based attacks. The signature engines use different techniques to identify and match patterns in network traffic.

In this scenario, the custom IPS signature needs to trigger when a vulnerable web application is identified by the "/runscript.php" URI. The "/runscript.php" URI is a unique string pattern that is specific to the vulnerable web application.

The Multi-String signature engine is used to match multiple string patterns within a single packet or across multiple packets. It can be used to create a custom signature that matches the "/runscript.php" URI string pattern.

Therefore, the correct answer is F: Multi-String. Option A, AIC HTTP, is incorrect as it is used to identify HTTP traffic anomalies based on traffic patterns. Option B, Service HTTP, is used to detect and block specific HTTP services. Option C, String TCP, is used to match a specific string pattern within a TCP packet. Option D, Atomic IP, is used to match an IP address or range of IP addresses. Option E, META, is used to identify specific HTML tags and attributes in HTTP traffic.