nerdexam
(ISC)2

CISSP-ISSAP · Question #127

You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible atta

The correct answer is A. Install a network-based IDS. A Network-Based IDS (NIDS) monitors traffic across the entire local network by analyzing packets at strategic points (like network taps or span ports), making it the right tool when you need visibility into all traffic and real-time alerting on suspicious patterns - exactly what

Security Operations Architecture

Question

You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible attack is in process. Which of the following actions will you take for this? (ISC)2 CISSP-ISSAP Exam

Options

  • AInstall a network-based IDS
  • BInstall a host-based IDS
  • CInstall a DMZ firewall
  • DEnable verbose logging on the firewall

How the community answered

(28 responses)
  • A
    82% (23)
  • B
    4% (1)
  • C
    11% (3)
  • D
    4% (1)

Explanation

A Network-Based IDS (NIDS) monitors traffic across the entire local network by analyzing packets at strategic points (like network taps or span ports), making it the right tool when you need visibility into all traffic and real-time alerting on suspicious patterns - exactly what the scenario describes.

Why the distractors fail:

  • B (Host-based IDS): A HIDS monitors a single host's activity (logs, file integrity, processes) - it cannot see traffic between other machines on the network.
  • C (DMZ firewall): A firewall enforces access control rules; it does not monitor all internal traffic for attacks or generate alerts on suspicious behavior.
  • D (Verbose firewall logging): Logging records events for later review but is passive - it won't notify you of an ongoing attack in real time, and it only covers traffic the firewall touches.

Memory tip: Think of the key words in the question - "all network traffic" and "notification when attack is in process." Those two requirements map directly to Network-based (sees everything) + IDS (detects and alerts). If the question said "on this specific server," switch to HIDS.

Topics

#Network-based IDS#Intrusion Detection#Network Traffic Monitoring#Attack Detection

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice