Which of the following controls should critical application servers implement to protect themselves from
other potentially compromised application services?

A.
NIPS

B.
Content filter

C.
NIDS

D.
Host-based firewalls

Explanation:
A host-based firewall is designed to protect the host from network based attack by using filters to limit
the network traffic that is allowed to enter or leave the host. The action of a filter is to allow, deny, or log
the network packet. Allow enables the packet to continue toward its destination. Deny blocks the packet
from going any further and effectively discarding it. Log records information about the packet into a log
file. Filters can be based on protocol and ports. By blocking protocols and ports that are not required,
other potentially compromised application services would be prevented from being exploited across the
network.
Incorrect Answers:
A: A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic
in real time against a database of attack signatures. It is useful for detecting and responding to networkbased attacks originating from outside the organization. However, other potentially compromised
application services would run on the host, rather than across the network.
B: Content filtering usually refers to web site content. It entails inspecting the data on a web page against
a blacklist of unwanted terms and preventing access to that web page.
C: A network-based IDS (NIDS) is an intrusion detection system that scans network traffic in real time and
is useful for detecting network-based attacks originating from outside the organization. However, other
potentially compromised application services would run on the host, rather than across the network.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 111-112, 116-117
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 5-8, 13-16