Pete, a security administrator, has observed repeated attempts to break into the network. Which of the
following is designed to stop an intrusion on the network?
A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by
analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity,
log information about this activity, attempt to block/stop it, and report it.
B: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated by a
user locally logged in to the host.
C: A host-based intrusion prevention system (HIPS) is an installed software package that monitors a single
host for suspicious activity by analyzing events occurring within that host.
D: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused
attacks, such as bandwidth-based DoS attacks.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21