
Mike, a network administrator, has been asked to passively monitor network traffic to the company’s
sales websites. Which of the following would be BEST suited for this task?

A.
HIDS

B.
Firewall

C.
NIPS

D.
Spam filter

Explanation:
A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by
analyzing protocol activity. Of the four options it is the only network-level monitoring device, so it is the
intended answer. Note, however, that a NIPS sits inline in the traffic path and can drop packets or reset
connections, which makes it an active control; strictly passive monitoring is the role of a network-based
IDS (NIDS), which inspects a copy of the traffic from a SPAN port or tap and only alerts. NIDS is not among
the choices offered here.
Incorrect Answers:
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It is reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated
by a user locally logged in to the host, but it only sees the host it runs on, not the traffic to a set of websites.
B: Firewalls provide protection by controlling traffic entering and leaving a network; they enforce policy
rather than monitor for suspicious activity.
D: A spam filter is a software or hardware tool whose primary purpose is to identify and
block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated with email,
but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web
discussions/forums/comments/blogs.

http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 42, 47
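The passive/active distinction the explanation turns on, shown as an added example (not code from the original page or its cited sources): the same signature set is run once as a NIDS-style sensor that only alerts on a copy of the traffic, and once as a NIPS-style inline device that drops matches. The server address, client addresses, requests and the two signatures are constructed for illustration.

```python
# Added example (not from the original page): passive NIDS-style sensor vs
# inline NIPS-style device over constructed HTTP requests to a hypothetical
# sales web server. Addresses, requests and signatures are assumptions.
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: str


# Constructed sample traffic to the assumed sales web server 192.0.2.80.
# Plaintext HTTP on port 80 is used on purpose: a passive sensor can only
# inspect what it can read, and on 443 it would see TLS ciphertext unless
# the traffic is decrypted for it upstream (TLS-terminating proxy, key export).
SAMPLE = [
    Packet("203.0.113.10", "192.0.2.80", 80, "GET /catalog?id=42 HTTP/1.1"),
    Packet("203.0.113.11", "192.0.2.80", 80, "GET /catalog?id=42' OR '1'='1 HTTP/1.1"),
    Packet("203.0.113.12", "192.0.2.80", 80, "GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.13", "192.0.2.80", 80, "POST /checkout HTTP/1.1"),
]

# Minimal signature set (assumed); real sensors ship thousands of rules.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
    "path-traversal": re.compile(r"\.\./"),
}


def matches(pkt: Packet) -> list[str]:
    """Names of every signature that fires on this packet's payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]


def passive_monitor(packets: list[Packet]):
    """NIDS-style. Works on a copy of the traffic (SPAN port or TAP), so it can
    alert but can never alter delivery. Returns (alerts, delivered)."""
    alerts = [(p.src, sig) for p in packets for sig in matches(p)]
    delivered = list(packets)            # every packet still reaches the server
    return alerts, delivered


def inline_prevent(packets: list[Packet]):
    """NIPS-style. Sits in the forwarding path and drops matching packets,
    which makes it an active control and a potential point of failure or
    added latency. Returns (alerts, forwarded)."""
    alerts, forwarded = [], []
    for p in packets:
        hits = matches(p)
        if hits:
            alerts.extend((p.src, sig) for sig in hits)
        else:
            forwarded.append(p)
    return alerts, forwarded


if __name__ == "__main__":
    a, d = passive_monitor(SAMPLE)
    print(f"passive: {len(a)} alerts, {len(d)}/{len(SAMPLE)} packets delivered")
    a, f = inline_prevent(SAMPLE)
    print(f"inline : {len(a)} alerts, {len(f)}/{len(SAMPLE)} packets forwarded")
```

Both modes raise the same two alerts; only the inline mode changes what the web server receives. That is the practical test for "passive": if the device can change delivery, it is not passive, whatever it is called.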




Karan Bhayani

The answer has to be NIDS (network-based intrusion detection system), as it is a passive network monitor, whereas NIPS is an active network monitoring system.

Zemichael

I agree with Karan. An IPS is always active, but an IDS is a dual system that can be active or passive. He pointed out "passively monitor the network", so the answer should be NIDS.

Aquarious Workman

Agreed a NIPS is “ACTIVELY” monitoring while NIDS would be “PASSIVELY” monitoring.

dhoang

Q. 74136: Choice C & D need to be separated.

Ray

The answer to this question is not clear. One of the key terms in the question was "passive". A NIPS is not passive: the "P" stands for prevention, which is an active response. In NIDS the "D" stands for detection, which is a passive response. Spam filtering is another active response.

Ali

Is this dump valid?

captcaveman

Answer is A. HIDS
Agreed, the BEST answer would be NIDS. However, they don't give NIDS as a potential answer. Everyone understands that a NIPS would be active (it puts pulses onto the wire), but we are focusing on "passive" too much and missing that we are to monitor traffic directed to a specific system, the web server. So the key here is not that we are trying to monitor traffic on the cables, but rather traffic that has already been delivered to the web server. Though a HIDS has nothing to do with traffic on a wire, it can look at the traffic that has already been delivered to the host it is monitoring. Lastly, a HIDS is passive.

Eric Hurz

ATTENTION PLEASE!!!

The SY0-401 Exam Will Retire On July 31, 2018, and then the New Exam is SY0-501!

New SY0-501 Exam Questions and Answers Updated Recently (7/Nov/2017):

NEW QUESTION 81
A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer’s proposal?

A. The newly developed protocol will only be as secure as the underlying cryptographic algorithms used.
B. New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.
C. A programmer should have specialized training in protocol development before attempting to design a new encryption protocol.
D. The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.

Answer: B

NEW QUESTION 82
A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this?

A. Transport Encryption
B. Stream Encryption
C. Digital Signature
D. Steganography

Answer: D
Explanation:
Steganography is the process of hiding a message in another message so as to obfuscate its importance. It is also the process of hiding a message in a medium such as a digital image, audio file, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.

NEW QUESTION 83
A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database. Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?

A. Incident management
B. Routine auditing
C. IT governance
D. Monthly user rights reviews

Answer: D

NEW QUESTION 84
Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth?

A. War chalking
B. Bluejacking
C. Bluesnarfing
D. Rogue tethering

Answer: B
Explanation:
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.

NEW QUESTION 85
Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key. When Joe receives a response, he is unable to decrypt the response with the same key he used initially. Which of the following would explain the situation?

A. An ephemeral key was used for one of the messages.
B. A stream cipher was used for the initial email; a block cipher was used for the reply.
C. Out-of-band key exchange has taken place.
D. Asymmetric encryption is being used.

Answer: D
Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

NEW QUESTION 86
Recently several employees were victims of a phishing email that appeared to originate from the company president. The email claimed the employees would be disciplined if they did not click on a malicious link in the message. Which of the following principles of social engineering made this attack successful?

A. Authority
B. Spamming
C. Social proof
D. Scarcity

Answer: A

NEW QUESTION 87
Which of the following is the LEAST secure hashing algorithm?

A. SHA1
B. RIPEMD
C. MD5
D. DES

Answer: C

NEW QUESTION 88
An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to?

A. A virus on the administrator’s desktop would be able to sniff the administrator’s username and password.
B. Result in an attacker being able to phish the employee’s username and password.
C. A social engineering attack could occur, resulting in the employee’s password being extracted.
D. A man in the middle attack could occur, resulting in the employee's username and password being captured.

Answer: D

NEW QUESTION 89
Joe, the security administrator, sees this in a vulnerability scan report:
“The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit.”
Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example of what?

A. a threat.
B. a risk.
C. a false negative.
D. a false positive.

Answer: D

NEW QUESTION 90
A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modern FTP client software. The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would BEST accomplish these goals?

A. Require the SFTP protocol to connect to the file server.
B. Use implicit TLS on the FTP server.
C. Use explicit FTPS for the connections.
D. Use SSH tunneling to encrypt the FTP traffic.

Answer: B

NEW QUESTION 91
A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select TWO.)

A. The portal will function as an identity provider and issue an authentication assertion.
B. The portal will request an authentication ticket from each network that is transitively trusted.
C. The back-end networks will function as an identity provider and issue an authentication assertion.
D. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.
E. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

Answer: BC

NEW QUESTION 92
Which of the following would a security specialist be able to determine upon examination of a server’s certificate?

A. CA public key
B. Server private key
C. CSR
D. OID

Answer: B

NEW QUESTION 93
……

P.S. These New SY0-501 Exam Questions Were Just Updated From The Real SY0-501 Exam, You Can Get The Newest SY0-501 Dumps In PDF And VCE From — https://www.passleader.com/sy0-501.html (166q VCE and PDF)

Good Luck!
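Question 85 in the comment above describes a party who encrypts with one key and then cannot decrypt the reply with it. The following is an added example, not part of that comment or of any exam material, that plays the exchange through with a toy textbook RSA: each side has its own key pair, each message is encrypted to the recipient's public key, and the key Joe used for his first message is useless against the reply. The party names, messages and primes are constructed, and the key sizes and lack of padding make this a teaching aid only.

```python
# Added example (not part of the comment above): a toy textbook-RSA exchange
# for question 85. Tiny primes, no padding, one byte per block: this shows the
# key relationship only and must never be used to protect real data.
from __future__ import annotations

from math import gcd


def keygen(p: int, q: int, e: int = 17):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(msg: bytes, key) -> list[int]:
    """Textbook RSA, one byte per block (demo only)."""
    n, k = key
    return [pow(b, k, n) for b in msg]


def try_decrypt(blocks: list[int], key):
    """Apply a key to ciphertext blocks. Returns the recovered bytes, or None
    when the result is not even representable as bytes, which is what using
    the wrong key usually looks like in practice."""
    n, k = key
    vals = [pow(c, k, n) for c in blocks]
    return None if any(v > 255 for v in vals) else bytes(vals)


# Each party owns a key pair (assumed primes, toy sizes).
JOE_PUB, JOE_PRIV = keygen(61, 53)
ANN_PUB, ANN_PRIV = keygen(67, 71)


def exchange():
    """Joe -> Ann, then Ann -> Joe. Returns what Joe recovers from the reply
    with the key he used initially and with his own private key."""
    first = encrypt(b"hi", ANN_PUB)            # Joe encrypts to Ann's public key
    assert try_decrypt(first, ANN_PRIV) == b"hi"  # only Ann's private key opens it
    reply = encrypt(b"yo", JOE_PUB)            # Ann encrypts to Joe's public key
    with_same_key = try_decrypt(reply, ANN_PUB)     # the key Joe used before
    with_own_private = try_decrypt(reply, JOE_PRIV)  # what actually works
    return with_same_key, with_own_private


if __name__ == "__main__":
    same, own = exchange()
    print("reply with the key Joe used initially:", same)
    print("reply with Joe's own private key     :", own)
```

With a symmetric cipher the same key would have worked in both directions; the failure in the question is the signature of asymmetric encryption, where the decrypting key is always the recipient's private key.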

Russell Allen

ATTENTION PLEASE!!! The SY0-401 Exam Will Retire On July 31, 2018, and then the New Exam is SY0-501!

New SY0-501 Exam Questions Updated Recently (28/Dec/2017):

Lab Simulation 1 — Available Security Controls for Each Building
You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:
……

Lab Simulation 2 — Configure the Firewall
Configure the firewall (fill out the table) to allow these four rules:
– Only allow the Accounting computer to have HTTPS access to the Administrative server.
– Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
– Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2.
……

NEW QUESTION 141
A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented?

A. Recovery agent
B. OCSP
C. CRL
D. Key escrow

Answer: B

NEW QUESTION 142
An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement?

A. HMAC
B. PCBC
C. CBC
D. GCM
E. CFB

Answer: A

NEW QUESTION 143
The Chief Security Officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

A. Use certificates signed by the company CA.
B. Use a signing certificate as a wild card certificate.
C. Use certificates signed by a public CA.
D. Use a self-signed certificate on each internal server.

Answer: D

NEW QUESTION 144
A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

A. Peer review
B. Component testing
C. Penetration testing
D. Vulnerability testing

Answer: C
Explanation:
A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.

NEW QUESTION 145
A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called "purchasing"; however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action?

A. Modify all the shared files with read only permissions for the intern.
B. Create a new group that has only read permissions for the files.
C. Remove all permissions for the shared files.
D. Add the intern to the “purchasing” group.

Answer: B

NEW QUESTION 146
A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised?

A. MAC filtering
B. Virtualization
C. OS hardening
D. Application white-listing

Answer: C

NEW QUESTION 147
A security engineer is configuring a system that requires the X.509 certificate information to be pasted into a form field in Base64 encoded format to import it into the system. Which of the following certificate formats should the engineer use to obtain the information in the required format?

A. PFX
B. PEM
C. DER
D. CER

Answer: B

NEW QUESTION 148
When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select TWO.)

A. USB-attached hard disk
B. Swap/pagefile
C. Mounted network storage
D. ROM
E. RAM

Answer: AD

NEW QUESTION 149
When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?

A. Owner
B. System
C. Administrator
D. User

Answer: C

NEW QUESTION 150
……

NEW QUESTION 151
A user clicked an email link that led to a website that infected the workstation with a virus. The virus encrypted all the network shares to which the user had access. The virus was not detected or blocked by the company’s email filter, website filter, or antivirus. Which of the following describes what occurred?

A. The user’s account was over-privileged.
B. Improper error handling triggered a false negative in all three controls.
C. The email originated from a private email server with no malware protection.
D. The virus was a zero-day attack.

Answer: A

NEW QUESTION 152
Which of the following security controls does an iris scanner provide?

A. Logical
B. Administrative
C. Corrective
D. Physical
E. Detective
F. Deterrent

Answer: D

NEW QUESTION 153
……

P.S. These New SY0-501 Exam Questions Were Just Updated From The Real SY0-501 Exam, You Can Get The Newest SY0-501 Dumps In PDF And VCE From — https://www.passleader.com/sy0-501.html (182q VCE and PDF)

Good Luck!
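Question 147 in the comment above asks for the certificate format that is Base64 text. As an added example (not from that comment or any exam material), the block below shows what that format actually is: PEM is the DER bytes, Base64-encoded and wrapped at 64 columns between BEGIN/END markers. It contains a PEM encoder and decoder plus a minimal DER tag-length-value walker, run over a constructed certificate-shaped structure (an outer SEQUENCE holding a stand-in tbsCertificate, a signature algorithm identifier and a BIT STRING). The structure is a stand-in, not a real certificate; only the sha256WithRSAEncryption OID bytes are real.

```python
# Added example (not from the comment above): PEM <-> DER and a minimal DER
# TLV walker over a constructed, certificate-shaped structure. Not a real X.509
# parser; it only shows the encoding layers a .pem/.der/.cer file consists of.
import base64
import textwrap


def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER element with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_walk(buf: bytes):
    """Yield (tag, content) for each top-level element in buf; rejects
    truncated input instead of silently returning a short slice."""
    i = 0
    while i < len(buf):
        tag, first = buf[i], buf[i + 1]
        i += 2
        if first & 0x80:                      # long form: count of length bytes
            nb = first & 0x7F
            length = int.from_bytes(buf[i:i + nb], "big")
            i += nb
        else:
            length = first
        if i + length > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + length]
        i += length


def to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """PEM = Base64(DER) wrapped at 64 columns between BEGIN/END markers."""
    b64 = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN {label}-----\n" + "\n".join(textwrap.wrap(b64, 64)) + f"\n-----END {label}-----\n"


def from_pem(pem: str, label: str = "CERTIFICATE") -> bytes:
    """Strict inverse of to_pem: markers must match the expected label and the
    body must be valid Base64 (validate=True rejects stray characters)."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError("missing or mismatched PEM markers")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


# Constructed stand-in for a certificate: SEQUENCE { tbs, algId, signature }.
SHA256_RSA_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"   # 1.2.840.113549.1.1.11
FAKE_CERT_DER = der_tlv(
    0x30,
    der_tlv(0x30, der_tlv(0x02, b"\x01"))          # "tbsCertificate": just an INTEGER here
    + der_tlv(0x30, der_tlv(0x06, SHA256_RSA_OID))  # AlgorithmIdentifier with real OID
    + der_tlv(0x03, b"\x00" + b"\xab" * 200),       # BIT STRING, forces long-form length
)


def outer_tags(pem: str) -> list:
    """Decode PEM and list the tags of the elements inside the outer SEQUENCE."""
    der = from_pem(pem)
    top = list(der_walk(der))
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("expected a single outer SEQUENCE")
    return [tag for tag, _ in der_walk(top[0][1])]


if __name__ == "__main__":
    pem = to_pem(FAKE_CERT_DER)
    print(pem)
    print("inner element tags:", [hex(t) for t in outer_tags(pem)])
```

Two practical notes: a file ending in .cer or .crt may hold either form, so check whether it starts with `-----BEGIN` (PEM) or with byte 0x30 (DER) rather than trusting the extension; and the Base64 decoding is the only transformation, so anything that was visible in the DER (subject, issuer, public key, OIDs) is equally visible in the PEM text.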