PrepAway - Latest Free Exam Questions & Answers

Which of the following would provide the BEST level of protection?

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the
following would provide the BEST level of protection?

PrepAway - Latest Free Exam Questions & Answers

A.
HIPS

B.
Antivirus

C.
NIDS

D.
ACL

Explanation:
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are
network security appliances that monitor network and/or system activities for malicious activity. The
main functions of intrusion prevention systems are to identify malicious activity, log information about
this activity, attempt to block/stop it, and report it.
Intrusion prevention systems are considered extensions of intrusion detection systems because they both
monitor network traffic and/or system activities for malicious activity. The main differences are, unlike
intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively
prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an
alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the
offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet
streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.
Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single
host for suspicious activity by analyzing events occurring within that host.
A Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single
host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an
unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence
would be an intrusion prevention system.
Incorrect Answers:
B: Antivirus software provides protection against KNOWN viruses. As a zero-day attack is an unknown
vulnerability (a vulnerability that does not have a fix or a patch to prevent it) antivirus software cannot
protect against it. This answer is therefore incorrect.C: NIDS (network intrusion detection systems) are designed to detect attempts to gain access to the
network. We need to protect a server from zero day attacks, not the network. This answer is therefore
incorrect.
D: This question asks for the BEST option. A HIPS may be able to detect a zero day attack and is therefore
a better option. An ACL (access control list) can only restrict access to resources. This answer is therefore
incorrect.

http://en.wikipedia.org/wiki/Intrusion_prevention_system


Leave a Reply