PrepAway - Latest Free Exam Questions & Answers

Which of the following devices typically sits inline?

Which of the following devices typically sits inline? (Select the best answer.)


A. a HIDS
B. a HIPS
C. a NIDS
D. a NIPS

Explanation:
A Network-based Intrusion Prevention System (NIPS) typically sits inline, which means that all traffic from the
external network must flow through and be analyzed by the NIPS before the traffic can enter the internal
network. Therefore, a NIPS can detect and drop malicious traffic, which prevents malicious traffic from
infiltrating the internal network. A NIPS can work in conjunction with a network firewall; however, Cisco
recommends deploying a NIPS on the inside interface of the firewall in order to prevent the NIPS from wasting
resources by analyzing traffic that will ultimately be blocked by the firewall. This enables the NIPS to efficiently
analyze the traffic that the firewall permits onto the network, rather than processing every inbound packet.
A Host-based Intrusion Prevention System (HIPS) is software that is installed on a host device and analyzes
traffic that enters the host. Any traffic that is suspected to be malicious is blocked before it can affect the host
device. Many modern host-based firewall applications include components that provide HIPS functionality.
A Network-based Intrusion Detection System (NIDS) typically does not sit inline in the flow of traffic. Instead, a
NIDS merely sniffs the network traffic by using a promiscuous network interface. Because network traffic does
not flow through a NIDS, the NIDS can detect malicious traffic but cannot prevent it from infiltrating the network.
When a NIDS detects malicious traffic, it can alert other network devices in the traffic path so that further traffic
can be blocked. In addition, a NIDS can be configured to send a Transmission Control Protocol (TCP) reset
notification or an Internet Control Message Protocol (ICMP) unreachable message to the source and
destination addresses.
A Host-based Intrusion Detection System (HIDS) is software that is installed on a host device and analyzes
changes made to the device. The primary difference between a HIDS and a HIPS is that a HIPS can detect and
block malicious traffic before the traffic can affect the host; a HIDS can detect a threat only after it has already
affected the host. Two examples of HIDS applications are Tripwire and OSSEC. Tripwire monitors the integrity
of critical files and sends alerts if changes are made to them. OSSEC is an open-source application that
monitors logs, the registry, and critical files. In addition, OSSEC can detect rootkits, which are malware processes
that actively hide their presence from the host operating system.
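To illustrate the inline-versus-promiscuous distinction and the firewall-then-NIPS ordering described above, the following Python model is an added example (not code from the page or from Cisco). It pushes constructed sample packets through three placements and reports how much each sensor had to inspect and whether an attack reached the inside; the device names, ports and addresses are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Tuple
Packet = Tuple[str, int, bool]  # (source address, destination port, carries an attack)
# Constructed sample traffic using documentation address ranges; not a real capture.
SAMPLE_TRAFFIC: List[Packet] = [
    ("198.51.100.7", 80, False),   # ordinary web request
    ("198.51.100.7", 23, False),   # telnet attempt that the firewall policy blocks
    ("203.0.113.9", 80, True),     # attack carried inside permitted HTTP
    ("203.0.113.9", 445, True),    # attack on a port the firewall blocks anyway
    ("192.0.2.4", 443, False),     # ordinary TLS session
]

@dataclass
class Device:
    name: str
    inline: bool                       # inline devices can drop; passive ones only observe
    is_bad: Callable[[Packet], bool]   # the device's own verdict on a packet
    inspected: int = 0                 # how many packets this device had to analyze
    flagged: List[Packet] = field(default_factory=list)

def firewall(allowed_ports=frozenset({80, 443})) -> Device:
    return Device("firewall", True, lambda p: p[1] not in allowed_ports)
def nips() -> Device:
    return Device("NIPS", True, lambda p: p[2])
def nids() -> Device:  # same signature as the NIPS, but it only sees a copy of the traffic
    return Device("NIDS", False, lambda p: p[2])

def run(traffic: List[Packet], path: List[Device]) -> List[Packet]:
    """Send each packet through the devices in order; return what reaches the internal network."""
    delivered = []
    for pkt in traffic:
        for dev in path:
            dev.inspected += 1
            if dev.is_bad(pkt):
                dev.flagged.append(pkt)
                if dev.inline:         # only an inline device can stop the packet
                    break
        else:
            delivered.append(pkt)      # no inline device dropped it
    return delivered

if __name__ == "__main__":
    for label, path in [("NIPS inside firewall", [firewall(), nips()]),
                        ("NIPS outside firewall", [nips(), firewall()]),
                        ("passive NIDS inside firewall", [firewall(), nids()])]:
        delivered = run(SAMPLE_TRAFFIC, path)
        sensor = next(d for d in path if d.name != "firewall")
        print(f"{label}: sensor inspected {sensor.inspected}, flagged {len(sensor.flagged)},",
              f"{sum(p[2] for p in delivered)} attack packet(s) reached the inside")
```

With the NIPS placed inside the firewall it inspects only the three permitted packets and drops the one attack among them; placed outside it must inspect all five; the passive NIDS flags the same attack but cannot stop it from being delivered.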

CCNA Security 210-260 Official Cert Guide, Chapter 17, Difference Between IPS and IDS, pp. 460-462
Cisco: Cisco IPS Mitigation Capabilities

