CompTIA

SY0-301 · Question #848

SY0-301 Question #848: Real Exam Question with Answer & Explanation

The correct answer is A: HIPS. A Host Intrusion Prevention System (HIPS) uses behavioral and heuristic analysis to detect and block zero-day attacks that have no known signatures.

Question

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

Options

  • A. HIPS
  • B. Antivirus
  • C. NIDS
  • D. ACL

Explanation

A Host Intrusion Prevention System (HIPS) runs on the server itself and watches what processes actually do (system calls, file and registry writes, new child processes, outbound connections) rather than what their code looks like. Because its rules describe suspicious behaviour instead of known malicious bytes, it can block an exploit that has no signature yet, and because it is an in-line prevention control on the host it can stop the action before it completes instead of merely alerting. That combination of host placement, behavioural detection and active blocking is what makes it the best answer for protecting a new server against zero-day attacks; a HIPS still needs tuning, since behavioural rules can also fire on legitimate administrative activity.

Common mistakes.

  • B. Traditional antivirus software depends primarily on signature-based detection, so a zero-day exploit for which no signature has yet been published is not recognised.
  • C. A Network Intrusion Detection System (NIDS) monitors network traffic passively and raises alerts but does not block attacks; it is predominantly signature-driven, cannot inspect encrypted sessions, and has no visibility into what happens on the host once an exploit lands.
  • D. Access Control Lists (ACLs) enforce network or file permission rules but have no mechanism to detect or prevent novel exploit code executing on a host.

Concept tested. HIPS for zero-day attack prevention

Reference. https://csrc.nist.gov/publications/detail/sp/800-94/final
