Exam CAS-004
Question 12

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

    Correct Answer: A

    A Network Intrusion Detection System (NIDS) monitors network traffic for suspicious activity and known threats, generating alerts when detected. It operates passively and does not block or drop traffic, ensuring that the company's services remain available and that legitimate traffic is not affected by false positives. This aligns with the requirement for a solution that does not compromise service availability.
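The passive-versus-inline distinction in the explanation above, as an added example that is not part of the original page: the same constructed signature is run over the same constructed traffic, once as a passive sensor (NIDS) and once inline (NIPS). The signature, the sample requests and the names `Packet`, `inspect` and `run_sensor` are assumptions made for illustration, not any product's API.

```python
import re
from dataclasses import dataclass

# Constructed signature: a naive SQL-injection pattern that also matches benign text.
SIGNATURES = {"sqli-union-select": re.compile(r"union\s+select", re.I)}

@dataclass
class Packet:
    payload: str
    malicious: bool  # ground truth, known only because the sample is constructed

# Constructed sample traffic (not from the page).
TRAFFIC = [
    Packet("GET /products?id=7", False),
    Packet("GET /products?id=7 UNION SELECT user,pass FROM accounts", True),
    Packet("GET /search?q=sql+union+select+tutorial", False),  # false positive
    Packet("POST /login user=alice", False),
]

def inspect(packet):
    """Return the names of all signatures that match the payload."""
    text = packet.payload.replace("+", " ")
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def run_sensor(traffic, inline):
    """Process traffic as a passive sensor (inline=False) or an inline one (inline=True).

    A passive sensor sees a copy of each packet, so its verdict never gates
    forwarding. An inline sensor forwards only packets with no match.
    """
    stats = {"alerts": 0, "legit_dropped": 0, "malicious_delivered": 0}
    for pkt in traffic:
        hits = inspect(pkt)
        stats["alerts"] += bool(hits)
        forwarded = not (inline and hits)
        if not forwarded and not pkt.malicious:
            stats["legit_dropped"] += 1
        if forwarded and pkt.malicious:
            stats["malicious_delivered"] += 1
    return stats

if __name__ == "__main__":
    print("NIDS (passive):", run_sensor(TRAFFIC, inline=False))
    print("NIPS (inline): ", run_sensor(TRAFFIC, inline=True))
```

Both modes raise the same two alerts; only the inline mode turns the false positive into a dropped legitimate request, and only the passive mode lets the malicious request through.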

Discussion
CKRET Option: A

A. NIDS. A NIPS will drop false positives. https://owasp.org/www-community/controls/Intrusion_Detection

ts260 Option: A

NIDS will not drop traffic

BiteSize Option: A

NIDS = Snort/Suricata = Passive Alerting. It will not affect the network; all the others run that risk. Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

acristian Option: A

I agree with A

FOURDUE Option: A

Network Intrusion Detection System: They are strategically located across the network to monitor traffic from all devices connected to the Internet. Primarily, it performs an analysis of passing traffic on the whole subnet and compares that information to a database of known threats. When it detects an assault or detects strange activity, it alerts the administrator.

Carlos_McArturo

So are these answers wrong on the actual test or just wrong in the study guide? I need to know which answers will lead to a successful exam, not necessarily which answer is "correct".

[Removed]

Use the questions as a study tool. Look up the answer. According to the Study Guide by MacMillian, it would be NIPS

patinho777 Option: A

It is NIDS

Bright07 Option: A

NIDS stands for Network Intrusion Detection System. This system monitors the traffic on the network for any suspicious activity and sends alerts when such activity is detected. It's a passive system, meaning it won't take any action other than alerting the specified recipients. The key point here is that NIDS does not affect the availability of the company's services. It does not block any traffic itself, even if it's malicious. This ensures that false positives (legitimate traffic that is incorrectly flagged as malicious) do not disrupt the company's services. In contrast, a Network Intrusion Prevention System (NIPS), a Web Application Firewall (WAF), and a Reverse Proxy could potentially block traffic, which could lead to service disruption if there are false positives. Therefore, NIDS would be the best choice given the company's requirements.

fb2fcb1 Option: A

A. NIDS. A Network Intrusion Detection System (NIDS) would be the best fit for this scenario. NIDS monitors network traffic for suspicious activity or known threats and generates alerts when detected. It operates in a passive mode, simply monitoring and alerting, which means it wouldn't affect network availability as it does not take action to block or drop packets like a Network Intrusion Prevention System (NIPS) would. A Web Application Firewall (WAF) primarily focuses on application-layer threats, not network-level threats. A reverse proxy wouldn't be the best option either, as it primarily aids in load balancing and distribution; it doesn't focus specifically on threat detection or prevention.

easternisme Option: A

NIDS won't drop false positives

RevZig67 Option: A

Keyword is Network Infrastructure that does NOT affect the availability.

pthread1 Option: A

Answer is A. NIDS

23169fd Option: A

It provides monitoring and alerting capabilities without actively interfering with the traffic flow, thereby ensuring legitimate traffic is not droppe

Delab202 Option: C

Given the requirement that the solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic, the most suitable option is: C. WAF (Web Application Firewall).

Explanation: WAF (Web Application Firewall): A WAF is designed to protect web applications from various attacks, including SQL injection, cross-site scripting (XSS), and other web-based threats. It operates at the application layer and can filter, monitor, and block HTTP traffic between a web application and the Internet. WAFs are generally configured to minimize false positives and ensure legitimate traffic is not disrupted.

Trap_D0_r

A WAF protects a public-facing application against common attacks. The question specifically states the company is focusing on securing its network infrastructure (i.e. the inside of the network, not just a public-facing application or edge server). In this context, a NIDS makes the most sense.

Mara03 Option: A

A is correct. Prevention drops, Detection warns.

JayJ_L Option: B

NIPS monitors the network and protects its privacy, integrity, and availability.