Exam SY0-601 topic 1 question 243 discussion

Actual exam question from CompTIA's SY0-601
Question #: 243
Topic #: 1

A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention?

  • A. NIDS
  • B. HIPS
  • C. AV
  • D. NGFW
Suggested Answer: B

Comments

passmemo
Highly Voted 2 years, 8 months ago
Selected Answer: B
A host-based intrusion detection and prevention system (HIPS) is a tool that monitors for changes to key files and network traffic on a device.
upvoted 16 times
...
ApplebeesWaiter1122
Highly Voted 1 year, 11 months ago
Selected Answer: B
HIPS is the best tool to address both detection and prevention on endpoints. HIPS is an endpoint security solution that monitors and analyzes activity on individual hosts (endpoints) and takes action to prevent or block any suspicious or malicious activities. It can monitor changes to key files, network traffic, and other activities on the device, and can take preventive actions, such as blocking or quarantining malicious files or network connections.
upvoted 7 times
...
Dapsie
Most Recent 1 year ago
Selected Answer: B
I choose B because the question is about Endpoints. Only HIPS fits into that requirement.
upvoted 1 times
...
AspiringNerd
1 year, 1 month ago
Selected Answer: B
HIPS files and network attacks. NGFW network attacks.
upvoted 1 times
...
Jahania
1 year, 5 months ago
On the "Device" = Host. So HIDS
upvoted 2 times
...
RobbieT
2 years, 2 months ago
The answer is HIPS. "...on the device" is the giveaway.
upvoted 4 times
...
DWISE1
2 years, 3 months ago
A deep-packet inspection firewall that moves beyond port/protocol inspection and blocking. Adds application-level inspection, intrusion prevention, and brings intelligence from outside the firewall.
upvoted 1 times
...
Jimbobilly
2 years, 6 months ago
Selected Answer: B
It's HIPS
upvoted 2 times
...
FMMIR
2 years, 6 months ago
Selected Answer: B
The best tool for monitoring changes to key files and network traffic on a device, as well as providing detection and prevention capabilities, is a host-based intrusion prevention system (HIPS). A HIPS monitors changes to key files and network traffic on a single device, and can detect and prevent malicious activities by comparing the current state of the system to a known good state. In contrast, a network-based intrusion detection system (NIDS) only monitors network traffic for signs of malicious activity and does not provide prevention capabilities. An antivirus (AV) program only detects and removes malware from a device, and does not monitor changes to key files or network traffic. A next-generation firewall (NGFW) monitors and controls network traffic, but does not provide the detailed monitoring and prevention capabilities of a HIPS.
upvoted 6 times
...
J_Ark1
2 years, 7 months ago
Why not D, next-gen firewall?
upvoted 1 times
JStevie
2 years, 7 months ago
I believe it's not NGFW because the question states it wants to monitor changes on the device itself, not the entire network. The only other option that can detect and prevent is HIPS.
upvoted 4 times
...
...
03allen
2 years, 7 months ago
Selected Answer: A
Why not a NIDS? A network-based intrusion detection system (NIDS) detects malicious traffic on a network. NIDS usually require promiscuous network access in order to analyze all traffic, including all unicast traffic.
upvoted 5 times
Sir_Learnalot
2 years, 7 months ago
It would not meet all criteria asked in the question as a NIDS is not able to monitor key files on an endpoint.
upvoted 4 times
...
hrncgl
1 year, 9 months ago
On the device... all scenario focused on the host. That's why we need a host-based solution...
upvoted 4 times
...
...
Granddude
2 years, 8 months ago
Selected Answer: B
A host-based intrusion prevention system (HIPS) is a system or a program employed to protect critical computer systems containing crucial data against viruses and other Internet malware. Starting from the network layer all the way up to the application layer, HIPS protects from known and unknown malicious attacks.
upvoted 6 times
...