PrepAway - Latest Free Exam Questions & Answers

Which of the following would be the BEST place to start?

An administrator would like to review the effectiveness of existing security in the enterprise. Which of the
following would be the BEST place to start?

A. Review past security incidents and their resolution

B. Rewrite the existing security policy

C. Implement an intrusion prevention system

D. Install honey pot systems

Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log information about this
activity, attempt to block/stop it, and report it.
Incorrect Answers:
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated by a
user locally logged in to the host.
C: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source
or are being perpetrated by a user locally logged in to the host.
D: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding
response or reply from the external entity.
E: URL filtering involves blocking websites (or sections of websites) based solely on the URL, restricting access
to specified websites and certain web-based applications.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 6, 19, 20, 21

