PrepAway - Latest Free Exam Questions & Answers

Which of the following is being described here?

An administrator is looking to implement a security device which will be able to not only detect network
intrusions at the organization level, but help defend against them as well. Which of the following is being
described here?

A. NIDS

B. NIPS

C. HIPS

D. HIDS

Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by
analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious
activity, log information about this activity, attempt to block/stop it, and report it.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
C: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single
host for suspicious activity by analyzing events occurring within that host.
D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated
by a user locally logged in to the host.

http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21
