An administrator would like to review the effectiveness of existing security in the enterprise. Which of the
following would be the BEST place to start?
Review past security incidents and their resolution
Rewrite the existing security policy
Implement an intrusion prevention system
Install honey pot systems
The main functions of intrusion prevention systems are to identify malicious activity, log information about this
activity, attempt to block/stop it, and report it.
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated by a
user locally logged in to the host.
C: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source
or are being perpetrated by a user locally logged in to the host.
D: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding
response or reply from the external entity.
E: URL filtering involves blocking websites (or sections of websites) based solely on the URL, restricting access
to specified websites and certain web-based applications.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 6, 19, 20, 21