N10-005 Question #473: Real Exam Question with Answer & Explanation
The correct answer is C: Behavior based IPS.
Question
Options
- A. Honeynet
- B. Signature based IPS
- C. Behavior based IPS
- D. Host based IPS
Explanation
A behavior-based (also called anomaly-based) IPS establishes a baseline of normal network activity and then detects deviations from that baseline - it effectively 'learns' what is normal and flags what is not. This is the 'learns on its own' capability the question describes. A signature-based IPS relies on a predefined database of known attack patterns and cannot learn new threats autonomously. A honeynet is a decoy network used to observe attacker behavior, not a prevention system. A host-based IPS (HIPS) is installed on individual endpoints, not on a VLAN at the network level.