Which of the following security architecture elements also has sniffer functionality? (Select TWO).
A.
HSM
B.
IPS
C.
SSL accelerator
D.
WAP
E.
IDS
Explanation:
Sniffer functionality means the ability to capture and analyze the content of data packets as they are transmitted across the network.
IDS and IPS systems perform their functions by capturing and analyzing the content of data packets.
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and
produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are
network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor
expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information
about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting
existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every
organization.
IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can
also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack
itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack’s content.
Incorrect Answers:
A: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides
cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. An
HSM does not have sniffer functionality. Therefore, this answer is incorrect.C: SSL acceleration is a method of offloading the processor-intensive public-key encryption algorithms involved in SSL transactions to a hardware accelerator. An
SSL accelerator does not have sniffer functionality. Therefore, this answer is incorrect.
D: A WAP (Wireless Access Point) is a device used to create a wireless network. A WAP receives and transmits data packets over a wireless network connection.
However, a WAP does not have sniffer functionality. Therefore, this answer is incorrect.http://en.wikipedia.org/wiki/Intrusion_detection_system
http://en.wikipedia.org/wiki/Hardware_security_module
http://en.wikipedia.org/wiki/SSL_acceleration