CERTIFIED-IN-CYBERSECURITY Question #551: Real Exam Question with Answer & Explanation

Question

Which solution is likely used by a cybersecurity analyst to monitor internet traffic and alert for unusual activity?

Options

• AHIDS
• BNIPS
• CSOAR
• DNIDS

Explanation

A network intrusion detection system (NIDS) is a system that monitors and analyzes network traffic for signs of intrusion or suspicious activity analysts (see ISC2 Study Guide, Chapter 4, Module 2). Consider that a cybersecurity analyst might set up a NIDS to monitor all incoming and outgoing traffic, looking for patterns or behaviors that match known intrusion techniques. Then, for example, when an organization's network experiences an unusually high volume of login attempts, the NIDS alerts the cybersecurity team to a potential brute force attack. While the remaining options have their place in cybersecurity, they are not the best fit for this scenario. Security Orchestration, Automation, and Response (SOAR) combines threat intelligence, incident response, and security automation capabilities. However, it doesn't directly monitor network traffic, making it less suitable for this task. Host Intrusion Detection System (HIDS) is designed to monitor individual systems or hosts, not network traffic, making it less effective for this broad monitoring requirement. Finally, Network Intrusion Prevention System (NIPS) detects threats and attempts to block them. While it could be used for detection, the question specifically asks for a solution that monitors and alerts--a primary function of a network intrusion detection system (NIDS), not a prevention system like NIPS.

No community discussion yet for this question.