nerdexam · CompTIA

CAS-003 · Question #485

CAS-003 Question #485: Real Exam Question with Answer & Explanation

The correct answer is C: Install HIDS on each computer.

Question

A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?

Options

  • A. Install network taps at the edge of the network.
  • B. Send syslog from the IDS into the SIEM.
  • C. Install HIDS on each computer.
  • D. SPAN traffic from the network core into the IDS.

Explanation

SPANning traffic from the network core into the IDS (D) would flood the sensor with a large volume of traffic, much of it duplicated, and tax the capture link without closing the gap: the threat is already inside, and traffic between two computers on the same subnet is switched locally and may never traverse the core at all. Network taps at the edge (A) see only traffic entering or leaving the network, which is exactly why the outbound callback was visible while the host-to-host infection was not. Sending IDS syslog into the SIEM (B) centralizes alerts the IDS already raised; it cannot report traffic the sensor never saw. A host-based IDS on each computer (C) records every connection its host makes or accepts, along with the process responsible, regardless of the network path the traffic takes, so it is the sensible, logical solution.
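The following is an added example, not part of the exam question or the site's explanation. It shows the point behind answer C in working code: a small model of which sensor placement (edge tap, core SPAN, host-based IDS) can observe each flow, and a correlation over per-host connection records that reconstructs the infection chain described in the question. The events are constructed, Sysmon-style records for two hypothetical workstations (WS-01, WS-02), the RFC 1918 and /24 subnet rules are this example's assumptions, and 203.0.113.40 is a documentation-range stand-in for the callback destination.

```python
"""Added example (not from the page): what per-host telemetry shows about a
lateral infection that a core SPAN or edge tap never sees.

Events are constructed, Sysmon-style network-connection records; the
topology rules in visible_to() are this example's assumptions."""
import ipaddress
from datetime import datetime, timedelta

# Assumption: RFC 1918 space is "inside"; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ACCESS_PREFIX = 24  # assumption: each access VLAN is a /24

# Constructed HIDS events from two workstations (patient zero WS-01,
# victim WS-02).  203.0.113.40 is a documentation-range stand-in for C2.
EVENTS = [
    {"host": "WS-01", "time": "2024-03-04T10:02:11",
     "image": "C:\\Users\\Public\\update.exe",
     "src": "10.10.5.21", "dst": "203.0.113.40", "dport": 443},   # callback
    {"host": "WS-01", "time": "2024-03-04T10:05:03",
     "image": "C:\\Users\\Public\\update.exe",
     "src": "10.10.5.21", "dst": "10.10.5.37", "dport": 445},     # lateral SMB
    {"host": "WS-02", "time": "2024-03-04T10:05:03",
     "image": "System",
     "src": "10.10.5.21", "dst": "10.10.5.37", "dport": 445},     # same flow, target side
    {"host": "WS-02", "time": "2024-03-04T10:07:40",
     "image": "C:\\Windows\\Temp\\update.exe",
     "src": "10.10.5.37", "dst": "203.0.113.40", "dport": 443},   # second callback
    {"host": "WS-02", "time": "2024-03-04T09:30:00",
     "image": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE",
     "src": "10.10.5.37", "dst": "10.10.20.8", "dport": 443},     # benign, other subnet
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def same_subnet(a: str, b: str, prefix: int = ACCESS_PREFIX) -> bool:
    net = lambda ip: ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return net(a) == net(b)


def visible_to(evt: dict, sensor: str) -> bool:
    """Where a flow is observable (modelling assumption, not a general truth):
    an edge tap sees only flows with an external endpoint; a core SPAN adds
    inter-subnet flows routed at the core; same-subnet traffic is switched
    locally and reaches neither.  A HIDS sees every flow its host is party to."""
    crosses_edge = not (is_internal(evt["src"]) and is_internal(evt["dst"]))
    if sensor == "edge":
        return crosses_edge
    if sensor == "core":
        return crosses_edge or not same_subnet(evt["src"], evt["dst"])
    if sensor == "hids":
        return True
    raise ValueError(f"unknown sensor {sensor!r}")


def find_lateral_chains(events, window=timedelta(minutes=30)):
    """Return internal A->B connections where A called out to some external X
    within `window` before, and B called out to the same X within `window`
    after: the pattern of one host infecting another, which then beacons."""
    ts = lambda e: datetime.fromisoformat(e["time"])
    callbacks = [e for e in events if is_internal(e["src"]) and not is_internal(e["dst"])]
    # The same flow is logged by both endpoints; keep the first record per flow.
    laterals = {}
    for e in events:
        if is_internal(e["src"]) and is_internal(e["dst"]):
            laterals.setdefault((e["time"], e["src"], e["dst"], e["dport"]), e)
    chains = []
    for lat in laterals.values():
        t = ts(lat)
        before = {c["dst"] for c in callbacks
                  if c["src"] == lat["src"] and t - window <= ts(c) <= t}
        after = {c["dst"] for c in callbacks
                 if c["src"] == lat["dst"] and t <= ts(c) <= t + window}
        for c2 in sorted(before & after):
            chains.append({"from": lat["src"], "to": lat["dst"], "dport": lat["dport"],
                           "image": lat["image"], "observed_on": lat["host"], "c2": c2})
    return chains


if __name__ == "__main__":
    for chain in find_lateral_chains(EVENTS):
        print(f"{chain['from']} -> {chain['to']}:{chain['dport']} via {chain['image']} "
              f"(seen on {chain['observed_on']}), both hosts beacon to {chain['c2']}")
    lateral = EVENTS[1]
    for sensor in ("edge", "core", "hids"):
        print(f"{sensor:>4} sensor sees lateral flow: {visible_to(lateral, sensor)}")
```

Run stand-alone, the script reports that only the host-based view sees the 10.10.5.21 to 10.10.5.37 SMB connection, while both the edge and core views see the two callbacks, which matches the symptom in the question. The practitioner's caveat: HIDS only closes the gap on hosts where it is actually deployed and reporting, and an attacker with administrative rights on a compromised host can tamper with local logging, so host telemetry should be shipped off-box promptly and combined with whatever network visibility does exist.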
