
CAS-002 · Question #651

CAS-002 Question #651: Real Exam Question with Answer & Explanation

The correct answer is A: NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware.

Question

A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux-based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publicly accessible. Development staff is required to install and remove various types of software from their hosts on a regular basis, while the hosts in the zone rarely require any type of configuration changes. Which of the following, when implemented, would provide the BEST level of protection with the LEAST amount of disruption to staff?

Options

  • A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware
  • B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and
  • C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.
  • D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware

Explanation

Selecting the right intrusion prevention or detection technology for each zone requires balancing protection strength against operational impact, especially where hosts frequently change software. Option A does this: a NIPS in front of the 10 publicly accessible, rarely changed production hosts blocks external attacks inline without touching the hosts themselves; a HIPS on the single application-zone deployment host gives strong host-level prevention where the administrative overhead is limited to one system; and anti-virus / anti-malware on the 50 core-network developer hosts provides baseline protection without the false-positive blocking a HIPS would cause when staff routinely install and remove software.

Common mistakes.

  • B. NIDS in the application zone only detects threats and cannot prevent them, and placing HIPS on core network developer hosts would block the legitimate software installation and removal those hosts require.
  • C. Placing NIPS in the application zone is disproportionate for a single-host zone, and HIPS in the core network would interfere with developers who routinely install and remove software.
  • D. NIDS provides detection only and offers no active prevention for the publicly accessible production hosts, and HIDS on a single application-zone host adds complexity without the coverage advantage of HIPS.

Concept tested. IDS/IPS placement strategy across network security zones

Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-94.pdf
