Which of the following would you most likely configure on a host to alert you about possible attacks without
filtering traffic? (Select the best answer.)

A.
a botnet

B.
a honeypot

C.
a personal firewall

D.
a HIDS

Explanation:
Most likely, you would configure a Hostbased Intrusion Detection System (HIDS) to alert you about possible
attacks without taking action to protect the system. A HIDS is a software or hardwarebased system that detects
intrusions by monitoring system activity, such as resource usage. By monitoring and auditing activity on the
host, the HIDS can detect anomalies associated with an intrusion and can issue an alert. Although a HIDS
could alert you about incoming traffic, it would not be able to filter that traffic.
You could configure a personal firewall to block incoming traffic on a specific port. A personal firewall is a
softwarebased system that controls the flow of network traffic. A personal firewall can be configured to allow
traffic or to block traffic. For example, you can configure a firewall to block or allow traffic based on the port on
which that traffic is being sent.
You are not likely to configure a honeypot on a host to alert you about possible attacks without filtering traffic. A
honeypot is a decoy system that is made to appear vulnerable to network intruders for the purpose of trapping
them? it also logs information about the attack for further study.
You would not install a botnet to block incoming traffic on a specific port. A botnet is a network of zombies.
Zombies, or bots, are compromised computers that can be used to perform Denial of Service (DoS) or
Distributed DoS (DDoS) attacks and to send spam.
CCNA Security 210260 Official Cert Guide, Chapter 19, Personal Firewalls and Host Intrusion Prevention
Systems, pp. 498-499