CompTIA Security Plus Mock Test Q30

An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?

A. Review past security incidents and their resolution
B. Rewrite the existing security policy
C. Implement an intrusion prevention system
D. Install honey pot systems

Correct Answer: C
Section: Network Security

Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

Incorrect Answers:
A: If the incidents have been resolved, the system would be configured to deal with those incidents. It is the new incidents that are the issue.

B: Rewriting the security policy could be a step further down the line, after requirements have been determined.

D: A honeypot is a system whose purpose is to be attacked. An administrator can watch and study the attack to research current attack methodologies.

References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 213