Which of the following options does not belong to the security risk of the application layer of the TCP/IP protocol stack?

IPS is an intelligent intrusion detection and prevention product. It can not only detect the occurrence of intrusion, but also can stop the occurrence and development of intrusion in real time through a certain response method and protect the information system from substantive attack in real time.
Which of the following statement is wrong about the description of IPS?

Which of the following are the control items of HTTP behavior?) (multiple choice)

The configuration commands for enabling the attack defense function are as follows:
[FW] anti-ddos syn-flood source-detect
[FW] anti-ddos udp-flood dynamic-fingerprint-learn
[FW] anti-ddos udp-frag-flood dynamic-fingerprint-learn
[FW] anti-ddos http-flood defend alert-rate 2000
[FW] anti-ddos http-flood source-detect mode basic
Which of the following are the correct descriptions of the attack prevention configuration? (Multiple Choices)

Misuse detection discovers intrusion activity in system by detecting similar behaviors of user intrusions, or by detecting violations of system security rules indirectly by exploiting system flaws.
Which of the following is not misuse detection feature?