PrepAway - Latest Free Exam Questions & Answers

Which of the following would be BEST suited for this task?

Mike, a network administrator, has been asked to passively monitor network traffic to the company’s
sales websites. Which of the following would be BEST suited for this task?

A. HIDS

B. Firewall

C. NIPS

D. Spam filter

Explanation:
A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
Incorrect Answers:
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
B: Firewalls provide protection by controlling traffic entering and leaving a network.
D: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated with email, but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web discussions/forums/comments/blogs.

http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 42, 47

7 Comments on “Which of the following would be BEST suited for this task?”

    1. Zemichael says:

      I do agree with Karan. IPS is always active, but IDS is a dual system that is active and passive. He pointed out that it says “passively monitor the network”. The answer should be NIDS.
  1. Ray says:

    The answer to this question is not clear. One of the key terms in the question was “passive”. A NIPS is not passive. The “P” stands for prevention, which is an active response. In a NIDS, the “D” stands for detection, which is a passive response. Spam filtering is another active response.
  2. captcaveman says:

    Answer is A. HIDS
    Agreed, the BEST answer would be NIDS. However, they don’t give NIDS as a potential answer. Everyone understands that a NIPS would be active (it puts pulses onto the wire), but we are focusing on “passive” too much and missing that we are to monitor traffic directed to a specific system, the web server. So the key here is not that we are trying to monitor traffic on the cables, but rather traffic that has already been delivered to the web server. Though a HIDS has nothing to do with traffic on a wire, it can look at the traffic that has already been delivered to the host it is monitoring. Lastly, a HIDS is passive.
