CompTIA Exam Questions

Which of the following would be the BEST place to start?

An administrator would like to review the effectiveness of existing security in the enterprise. Which of the
following would be the BEST place to start?

A. Review past security incidents and their resolution

B. Rewrite the existing security policy

C. Implement an intrusion prevention system

D. Install honey pot systems

Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log information
about this activity, attempt to block/stop it, and report it.
Incorrect Answers:
A: If the incidents have been resolved, the system would be configured to deal with those incidents. It is
the new incidents that are the issue.
B: Rewriting the security policy could be a step further down the line, after requirements have been
determined.
D: A honeypot is a system whose purpose is to be attacked. An administrator can watch and study the
attack to research current attack methodologies.

http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 213