An administrator would like to review the effectiveness of existing security in the enterprise. Which of the
following would be the BEST place to start?
A.
Review past security incidents and their resolution
B.
Rewrite the existing security policy
C.
Implement an intrusion prevention system
D.
Install honey pot systems
Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log information
about this activity, attempt to block/stop it, and report it
Incorrect Answers:
A: If the incidents have been resolved, the system would be configured to deal with those incidents. It is
the new incidents that are the issue.
B: Rewriting the security policy could be a step further down the line, after requirements have been
determined.
D: A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the
attack to research current attack methodologies.http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 213
I think this should be A
It says to review the existing security. If you implemented the IPS you would just see the current which wouldnt be much of a review of how well the security system has worked in the past.
0
0
How is implementing a new system considering “reviewing” existing security? Wish someone could clarify this.
0
0
I understood this answer to mean, as a first step to review the EFFECTIVENESS of the EXISTING security in the enterprise that they should test it and review the results. I think the key words to pick up on “effectiveness”, implying an active test or log of information regarding their security and “existing”, implying current (not past issues or security concerns that have been resolved). However, I do agree that the wording in the question is very poor.
0
0
Jaclyn have you taken the test yet? any advice on studying for it?
0
0
I would go w/ A.
0
0