Which of the following would be BEST suited for this task?

Mike, a network administrator, has been asked to passively monitor network traffic to the
company’s sales websites. Which of the following would be BEST suited for this task?

A. HIDS

B. Firewall

C. NIPS

D. Spam filter





George

Right answer should be NIDS if he’s been asked to passively monitor network traffic.

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected.

https://en.wikipedia.org/wiki/Intrusion_prevention_system

Tony

But you don’t need to use the prevention features. You can put it in audit mode, even just on specific IPs/interfaces if you like.
A firewall could do the same job, but is less likely to have the same level of sophistication.

PeterPan

I agree with George, but to the same argument IDS’s are (or can be) an extension of firewalls. And you can packet capture with filters on (some) firewalls.

It’s a poorly asked question.

penguin

Yep both NIDS and firewall with logging turned on and/or packet captures would do the job. Hopefully it was just a typo …

him

The correct answer from the given options is C (NIPS).
Remember that a NIPS can do everything a NIDS can, but it can also prevent traffic.
If the question was asking for a device that can ONLY passively monitor network traffic, then NIDS would be right.

These questions are made like this to confuse the test taker. If you read carefully and understand the topics you can figure it out.

Rick

No. It can’t be figured out. The question is confusing. It’s a bad question. It shouldn’t be used for testing. That’s it.

rsm

Everyone has great comments. These types of questions are tricky and are meant to be vague and confusing, and force the test taker to dig deep. The key parts of this question include the phrases “network traffic” and “BEST suited”. “him” has a great comment. Answer C is correct. Answer A is not correct because an HIDS is host-based, not network-based.