CompTIA Security Plus Mock Test Q14

An administrator is looking to implement a security device which will be able to not only detect network intrusions at the organization level, but help defend against them as well. Which of the following is being described here?


Correct Answer: B
Section: Network Security

A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.

C: A host-based intrusion prevention system (HIPS) is an installed software package that monitors a single host for suspicious activity by analyzing events occurring within that host.

D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21