Which of the following actions should be taken when an information security manager discovers
that a hacker is foot printing the network perimeter?

A.
Reboot the border router connected to the firewall

B.
Check IDS logs and monitor for any active attacks

C.
Update IDS software to the latest available version

D.
Enable server trace logging on the DMZ segment

Explanation:

Information security should check the intrusion detection system (IDS) logs and continue to
monitor the situation. It would be inappropriate to take any action beyond that. In fact, updating the
IDS could create a temporary exposure until the new version can be properly tuned. Rebooting the
router and enabling server trace routing would not be warranted.