Joe, a network security engineer, has visibility to network traffic through network monitoring tools.
However, he’s concerned that a disgruntled employee may be targeting a server containing the
company’s financial records. Which of the following security mechanisms would be MOST
appropriate to confirm Joe’s suspicion?

A. HIDS
B. HIPS
C. NIPS
D. NIDS
Explanation:
Key concept: a disgruntled employee is someone INSIDE the organization.
The question also provides a level of ambiguity, trying to throw us off the “scent”.
It says that Joe:
1- Is a network engineer
2- Has visibility to network traffic
3- Through network monitoring tools
So we can be forgiven for thinking that the answer is therefore NETWORK related.
Yet all of the above is extra information not relevant to the requirement.
The point is that “a disgruntled employee may be targeting a server containing the
company’s financial records.”
So the requirements are:
• The issue is at HOST level, affecting a single individual server.
• Therefore the issue is NOT NETWORK RELATED, but HOST RELATED.
So we must eliminate any answer that
(a) Is not HOST related, and
(b) Is NETWORK related.
In addition, even though the employee is disgruntled, he/she is still an employee with legitimate access. So we do not want to PREVENT access; we want to DETECT all types of access.
So an additional requirement is:
(a) We must eliminate all answers which PREVENT access.
(b) We must only choose answers which DETECT access.
In short, we need a solution that will DETECT access at HOST level.
INCORRECT ANSWERS:
B. HIPS – Host Intrusion PREVENTION System
C. NIPS – NETWORK Intrusion PREVENTION System
D. NIDS – NETWORK Intrusion Detection System
Therefore the only answer which meets all of the above criteria is:
A. HIDS – Host Intrusion Detection System
A host-based IDS (HIDS) is an intrusion detection system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion.
It is useful for detecting attacks that originate outside the organization as well as attacks by internal users logged on to the system.
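As an added illustration (not part of the original question or explanation), the following Python sketch shows the kind of host-level detection a HIDS performs on the finance server itself: it reads the server's own audit log (a constructed sample in a constructed format, standing in for auditd/syslog) and raises alerts for after-hours access and for one account touching an unusual number of distinct finance files, without blocking anything.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of host audit log lines from the finance server (not real data).
# Constructed format: ISO timestamp, user, action, path. A real HIDS reads auditd/syslog.
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice open /srv/finance/ledger_2024.xlsx
2024-03-04T09:30:44 bob open /srv/finance/payroll_q1.csv
2024-03-04T22:05:10 bob open /srv/finance/payroll_q1.csv
2024-03-04T22:05:12 bob open /srv/finance/ledger_2024.xlsx
2024-03-04T22:05:15 bob open /srv/finance/bank_accounts.csv
2024-03-04T22:06:01 bob copy /srv/finance/bank_accounts.csv
2024-03-04T10:15:00 carol open /srv/hr/handbook.pdf
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Return a list of (datetime, user, action, path) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, action, path = m.groups()
        events.append((datetime.fromisoformat(ts), user, action, path))
    return events


def detect_sensitive_access(events, sensitive_prefix="/srv/finance/",
                            business_hours=(8, 18), burst_threshold=3):
    """Detection only (no blocking): flag access to the sensitive tree outside
    business hours, and any user touching many distinct sensitive files in one day."""
    alerts = []
    per_user_day = defaultdict(set)
    for ts, user, action, path in events:
        if not path.startswith(sensitive_prefix):
            continue
        per_user_day[(user, ts.date())].add(path)
        if not (business_hours[0] <= ts.hour < business_hours[1]):
            alerts.append(f"after-hours {action} by {user} on {path} at {ts.isoformat()}")
    for (user, day), paths in per_user_day.items():
        if len(paths) >= burst_threshold:
            alerts.append(f"{user} touched {len(paths)} distinct finance files on {day}")
    return alerts


if __name__ == "__main__":
    for alert in detect_sensitive_access(parse_log(SAMPLE_LOG)):
        print("ALERT:", alert)
```

The legitimate daytime access by alice produces no alert; bob's burst of after-hours reads and the copy are what a HIDS on this host would surface for Joe to review.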