Which of the following can be installed on a host to analyze and prevent malicious traffic on that host? (Select
the best answer.)

A.
antivirus software

B.
a HIPS

C.
a personal firewall

D.
a proxy server

Explanation:
A Hostbased Intrusion Prevention System (HIPS) can be installed on a host to analyze and prevent malicious
traffic on that host. An Intrusion Prevention System (IPS) can be used to actively monitor, analyze, and block
malicious traffic before it infects devices. HIPS software can be installed on a host computer to protect that
computer against malicious traffic. By contrast, a Networkbased IPS (NIPS) is an independent operating
platform, often a standalone appliance or a hardware module installed in a chassis. A NIPS device can be
installed inline on a network to monitor and prevent malicious traffic from being sent to other devices on the
network. One advantage of using a NIPS over a HIPS is that a NIPS can detect lowlevel network events, such
as the scanning of random hosts on the network? a HIPS can only detect scans for which it is the target. A
HIPS and a NIPS can be used together to provide an additional layer of protection.
Although you could install a personal firewall to protect a host from malicious traffic, a personal firewall does not
perform traffic analysis. However, a personal firewall can work in conjunction with other software, such as a
HIPS or a NIPS, to protect a host from a wider array of malicious activities. For example, Cisco Advanced
Malware Protection (AMP) for Endpoints can work in conjunction with a personal firewall to provide threat
protection and advanced analytics.
You could not install antivirus software to analyze and prevent malicious traffic on that host. Antivirus software
monitors the file system and memory space on a host for malicious code. Although the antivirus software might
protect the host from malicious file execution, it would be unable to protect the host from malicious traffic. Some
antivirus vendors offer integrated security suites, which feature personal firewall, HIPS, antivirus, and
antimalware components.
You could not install a proxy server on a host to analyze and prevent malicious traffic on that host. A proxy
server is typically an application layer gateway that provides resource caching and traffic filtering for a particular
class of traffic, such as web content. Although you could install a proxy server locally on a host, it would not
have a significant effect on malicious traffic directed at the host nor would it be able to analyze its content.

CCNA Security 210260 Official Cert Guide, Chapter 19, Mitigation Technologies for Endpoint Threats, pp. 498-
499