KT-NET IDS/IPS alerts

IPS blocks a SQL injection attempt against a legacy app, but app logs show no WAF upstream. Concern?

Multiple choice — select one answer

Answer choices

  1. a. Disable IPS because blocking attacks might upset legitimate penetration testers, without security or identity team coordination per policy.
  2. b. IPS may be blind to internal or TLS-east traffic; fix the application and add WAF in depth
  3. c. Move the database to the DMZ to reduce latency for external customers, without security or identity team coordination per policy.
  4. d. IPS blocks mean the application source code is now fully patched automatically, without security or identity team coordination per policy.

Architectural breakdown & explanation

IPS is compensating control; vulnerable apps still need code-level fixes.

Correct answer(s): b. IPS may be blind to internal or TLS-east traffic; fix the application and add WAF in depth

Exam domain: IDS/IPS alerts (17% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Network Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.