Exam N10-008 topic 1 question 377 discussion

you are not right: IPS is correct IPS takes action itself to block the attempted intrusion or otherwise remediate the incident. IDS is designed to only provide an alert about a potential incident, which enables a security operations center (SOC) analyst to investigate the event and determine whether it requires further action.

It says find and prevent so IPS

IPS (Intrusion Prevention System) has block actions, where as IDS (Intrusion Detection System) only detects and alerts, but doesn't block. Therefore answer is B.

An IPS is an advanced version of an IDS that not only detects malicious activity but also takes proactive measures to prevent those activities from affecting the network or systems. IPS operates in an active mode and has the capability to block, redirect, or modify network traffic based on predefined rules and policies.

IPS = Intrusion Prevention System

The best option to install to find and block any malicious users within a network is an Intrusion Detection System (IDS). An IDS is a security tool that monitors network traffic for signs of suspicious activity or known attack patterns. It analyzes network traffic in real-time and can alert administrators when it detects potential threats. IDS can also log security events for further analysis and forensic investigation.

A. IDS (Intrusion Detection System) would be the best to install to find and block any malicious users within a network. IDS systems monitor network traffic for suspicious activity and can alert administrators when they detect potentially malicious behavior. IPS (Intrusion Prevention System) is similar to IDS, but it can also take automated action to block malicious traffic, while SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control System) are used in industrial settings to monitor and control physical processes.

should be IDS as its detecting the intrusion not preventing