CompTIA Security Plus Mock Test Q796

Joe, a network security engineer, has visibility to network traffic through network monitoring tools However, he’s concerned that a disgruntled employee may be targeting a server containing the company’s financial records. Which of the following security mechanism would be MOST appropriate to confirm Joe’s suspicion?

.

A. HIDS
B. HIPS
C. NIPS
D. NIDS

Correct Answer: A
Section: Application, Data and Host Security

Explanation:
A host-based IDS (HIDS) is an intrusion detection system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application
activity for signs of intrusion. It is useful for detecting attacks that originate outside the organization as well as attacks by internal users logged on to the system.

Incorrect Answers:
B: A host-based IPS (HIPS) is an intrusion detection and prevention system that runs as a service on a host computer system. It is used to monitor the machine logs, system events,
and application activity for signs of intrusion.
C: A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting
and responding to network-based attacks originating from outside the organization.
D: A network-based IDS (NIDS) is an intrusion detection system that scans network traffic in real time and is useful for detecting network-based attacks originating from outside the
organization.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 111-112, 116-117
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 13-16