An administrator would like to review the effectiveness of existing security in the enterprise. Which of the
following would be the BEST place to start?
A. Review past security incidents and their resolution
B. Rewrite the existing security policy
C. Implement an intrusion prevention system
D. Install honey pot systems
Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log information about this
activity, attempt to block/stop it, and report it.
Incorrect Answers:
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated by a
user locally logged in to the host.
C: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source
or are being perpetrated by a user locally logged in to the host.
D: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding
response or reply from the external entity.
E: URL filtering involves blocking websites (or sections of websites) based solely on the URL, restricting access
to specified websites and certain web-based applications.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 6, 19, 20, 21