Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task?
A. HIDS
B. Firewall
C. NIPS
D. Spam filter
8 Comments on “Which of the following would be BEST suited for this task?”
George says:
Right answer should be NIDS if he’s been asked to passively monitor network traffic.
Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected.
https://en.wikipedia.org/wiki/Intrusion_prevention_system
But you don’t need to use the prevention features. You can put it in audit mode, even just on specific IPs/interfaces if you like.
A firewall could do the same job, but is less likely to have the same level of sophistication.
PeterPan says:
I agree with George, but by the same argument IDSs are (or can be) an extension of firewalls. And you can packet capture with filters on (some) firewalls.
It’s a poorly asked question.
penguin says:
Yep, both NIDS and firewall with logging turned on and/or packet captures would do the job. Hopefully it was just a typo …
him says:
The correct answer from the given options is C (NIPS).
Remember that a NIPS can do everything a NIDS can, but it can also prevent traffic.
If the question was asking for a device that can ONLY passively monitor network traffic, then NIDS would be right.
These questions are made like this to confuse the test taker. If you read carefully and understand the topics you can figure it out.
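The point George and him make (a NIPS with the prevention features switched off behaves as a passive NIDS: same rule set, and only the `drop` verdict changes depending on whether the sensor sits inline) as an added example that is not part of the original thread and not code from any real IDS. It is a toy evaluator for a small subset of Snort/Suricata rule syntax; `Rule`, `Packet`, `process`, `compare_modes` and the two sample rules and four sample packets are all constructed for this example. In passive mode every packet is forwarded and a matching `drop` rule can only raise an alert, mirroring the way Suricata treats `drop` rules when it is not running inline; in inline mode packets that hit a `drop` rule are withheld.

```python
"""Toy evaluator for a small subset of Snort/Suricata rule syntax, used here to
show how the same rule set behaves on a passive sensor versus an inline one.
Rules, traffic and the parser are constructed for this example (assumption)."""
import re
from dataclasses import dataclass

# action proto src sport -> dst dport (options)   -- a subset of the real grammar
RULE_RE = re.compile(
    r"^(?P<action>alert|drop)\s+(?P<proto>\w+)\s+\S+\s+\S+\s*->\s*\S+\s+"
    r"(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str      # "alert" or "drop"
    proto: str
    dport: str       # port number or "any"
    msg: str
    content: str     # byte pattern searched for in the payload
    nocase: bool
    sid: int


@dataclass
class Packet:
    proto: str
    dport: int
    payload: bytes


def parse_rule(text: str) -> Rule:
    """Parse one rule line; only msg/content/nocase/sid options are understood."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    opts, flags = {}, set()
    for opt in (o.strip() for o in m.group("opts").split(";")):
        if not opt:
            continue
        if ":" in opt:
            key, value = opt.split(":", 1)
            opts[key.strip()] = value.strip().strip('"')
        else:
            flags.add(opt)
    return Rule(m.group("action"), m.group("proto"), m.group("dport"),
                opts["msg"], opts["content"], "nocase" in flags, int(opts["sid"]))


def matches(rule: Rule, pkt: Packet) -> bool:
    """Protocol, destination port and payload content must all match."""
    if rule.proto != pkt.proto:
        return False
    if rule.dport != "any" and int(rule.dport) != pkt.dport:
        return False
    hay, needle = pkt.payload, rule.content.encode()
    if rule.nocase:
        hay, needle = hay.lower(), needle.lower()
    return needle in hay


def process(rules, packets, inline: bool):
    """Return (events, forwarded).

    Passive sensor (NIDS, or a NIPS in IDS/audit mode): it only sees a copy of
    the traffic, so every packet is forwarded and a matching 'drop' rule can do
    no more than raise an alert.
    Inline sensor (NIPS): packets that hit a 'drop' rule are withheld."""
    events, forwarded = [], []
    for pkt in packets:
        blocked = False
        for rule in rules:
            if matches(rule, pkt):
                verdict = "drop" if inline and rule.action == "drop" else "alert"
                events.append((rule.sid, rule.msg, verdict))
                blocked = blocked or verdict == "drop"
        if not blocked:
            forwarded.append(pkt)
    return events, forwarded


# Constructed sample rules and traffic (not real signatures, not real captures).
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"SQLi probe"; content:"union select"; nocase; sid:1000001;)',
    'drop tcp any any -> any 80 (msg:"Path traversal"; content:"../"; sid:1000002;)',
)]
TRAFFIC = [
    Packet("tcp", 80, b"GET /products?id=1 HTTP/1.1\r\n"),
    Packet("tcp", 80, b"GET /products?id=1 UNION SELECT 1,2 HTTP/1.1\r\n"),
    Packet("tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("tcp", 443, b"\x16\x03\x01 tls client hello"),
]


def compare_modes():
    """Run the same rules over the same traffic in both modes."""
    result = {}
    for name, inline in (("passive", False), ("inline", True)):
        events, forwarded = process(RULES, TRAFFIC, inline)
        result[name] = ([verdict for _, _, verdict in events], len(forwarded))
    return result


if __name__ == "__main__":
    for mode, (verdicts, n_forwarded) in compare_modes().items():
        print(f"{mode:8s} verdicts={verdicts} forwarded={n_forwarded}/{len(TRAFFIC)}")
```

Run passively, both suspicious requests are logged and all four packets still reach the web server; inline, the traversal attempt is withheld and only three packets are forwarded. That is the practical reading of the question: if the requirement is that the sensor must not affect traffic, deploy it off a tap or SPAN port in IDS mode, whichever product label (NIDS or NIPS) is on the box.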
Rick says:
No, it can’t be figured out. The question is confusing. It’s a bad question. It shouldn’t be used for testing. That’s it.
rsm says:
Everyone has great comments. These types of questions are tricky and are meant to be vague and confusing, and force the test taker to dig deep. The key parts of this question include the phrases “network traffic” and “BEST suited”. “him” has a great comment. Answer C is correct. Answer A is not correct because an HIDS is host-based, not network based.
Deepak says:
I agree with the answer, as the administrator is monitoring network traffic and you can do it easily from a NIPS.