The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users’ workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?

A. HIPS
B. UTM
C. Antivirus
D. NIPS
E. DLP

Answer: A

Explanation:

In this question, we need to protect the workstations when connected to either the office or home network. Therefore, we need a solution that stays with the workstation when the user takes the computer home.

A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion.

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity.

The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, an IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.

Incorrect Answers:

B: Unified threat management (UTM) is a primary network gateway defense solution for organizations. In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data loss prevention and on-appliance reporting. However, UTM is designed to protect a network; it will not protect the user’s workstations when connected to their home networks as required in this question.

C: Antivirus software will protect against attacks aided by known viruses. However, it will not protect against unknown attacks as required in this question.

D: NIPS stands for Network Intrusion Prevention Systems. A NIPS is designed to protect a network; it will not protect the user’s workstations when connected to their home networks as required in this question.

E: Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. DLP does not protect against malicious attacks.

