CAS-003 · Question #765
CAS-003 Question #765: Real Exam Question with Answer & Explanation
The correct answer is C: Implement a NIDS/NIPS.
Question
Options
- A. Set up log forwarding and utilize a SIEM for centralized management and alerting.
- B. Use a patch management system to close the vulnerabilities in a shorter
- C. Implement a NIDS/NIPS.
- D. Deploy SELinux using the system baseline as the starting point.
- E. Configure the host firewall to block unauthorized inbound connections.
Explanation
A Network Intrusion Detection/Prevention System (NIDS/NIPS) monitors network traffic for malicious activity and, in prevention mode, actively blocks attacks. A properly configured NIPS would have detected and blocked the initial network-based exploitation attempt that allowed the attacker to compromise the server in the first place, which is the root cause that enabled them to install unauthorized daemons and cron jobs. Option A (SIEM) aids detection but provides no active prevention. Option B (patch management) addresses vulnerabilities but is slower-acting. Option D (SELinux) enforces OS-level access controls and could prevent unauthorized daemons from binding to ports, but would not block the initial intrusion. Option E (host firewall) can block unauthorized inbound connections but does nothing to stop the cron job or the underlying breach.