CompTIA

CAS-003 Question #877: Real Exam Question with Answer & Explanation

The correct answer is A: NIPS. A Network Intrusion Prevention System (NIPS) actively inspects and blocks malicious packets at the network level before they reach endpoints, unlike controls that act only after delivery.

Question

A security analyst is reviewing the following event: The packet appears to contain a malicious payload that is being delivered to the endpoint through the gateway firewall. Which of the following should the company implement to reduce the risk of similar attacks in the future?

Options

  • A. NIPS
  • B. HIDS
  • C. Antivirus
  • D. SIEM

Explanation

A Network Intrusion Prevention System (NIPS) actively inspects and blocks malicious packets at the network level before they reach endpoints, unlike controls that act only after delivery.

Common mistakes.

  • B. A Host-based IDS monitors activity on individual endpoints after traffic has already been delivered - it detects but does not block malicious packets traversing the network.
  • C. Antivirus operates on files at the host level after they have been received and written to disk, providing no protection against the network-level delivery of the malicious payload.
  • D. A SIEM aggregates and correlates security events for alerting and analysis but has no capability to actively block or drop malicious network traffic in transit.

Concept tested. Network Intrusion Prevention System blocking malicious payloads

Reference. https://csrc.nist.gov/publications/detail/sp/800-94/final
