response action vs action

livenliven Member Posts: 918
Is there really a difference between response action and just a plain old action?

Sorry if this is a silly question, but as I build my own study guide off of the exam blueprint I am struggling with some of the things listed. The reason I am struggling is because it is difficult to get clear-cut definitions for some of the things on the blueprint from

I am talking about this:

* Configure response actions for a signature

that is straight from the IPS exam blueprint on

I am thinking they are asking how do you configure things like this:

deny attacker inline
deny packet inline
log attacker packets


encrypt the encryption, never mind my brain hurts.


  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,800
    A response action is anything that is initiated when a signature/anomaly detection fires, whether it be full-blown host blocking/connection-denies or just an alert. I think they make the distinction because you can proactively/manually block hosts or perform captures without a signature firing; in that case it's just a 'plain old action'.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • livenliven Member Posts: 918
    encrypt the encryption, never mind my brain hurts.