CAS-002 Question #722: Real Exam Question with Answer & Explanation
The correct answer is D: HIDS.
Question
A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to scan and detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).
Options
- A. RAS
- B. Vulnerability scanner
- C. HTTP intercept
- D. HIDS
- E. Port scanner
- F. Protocol analyzer
Explanation
To detect a malicious actor physically accessing the network from within, administrators should use tools that monitor activity on the hosts themselves (a HIDS) and that enumerate which systems and services are reachable on the internal network (a port scanner), since an intruder who is already inside bypasses perimeter controls entirely.
Common mistakes
- A. RAS (Remote Access Service) provides remote connectivity to a network but has no detection or scanning capability for identifying malicious actors already present on the internal network.
- B. A vulnerability scanner identifies software weaknesses and misconfigurations in systems but does not detect the active presence or behavior of a malicious actor on the network.
- C. HTTP intercept captures and inspects web traffic but is limited to HTTP sessions and cannot detect a physically present intruder accessing non-web resources or internal systems.
- F. A protocol analyzer passively captures and decodes network traffic and relies on a human to interpret the capture, so it does not actively scan for, or alert on, a malicious actor's presence.
Concept tested: Insider threat detection using HIDS and port scanning
Reference: https://csrc.nist.gov/glossary/term/host_based_intrusion_detection_system