Network Security Monitoring

Correct Answer: Investigate and determine the ongoing attack's nature and severity

Upon receiving an alert from your Intrusion Prevention System (IPS) indicating an ongoing attack, the best immediate course of action would be to 'Investigate and determine the ongoing attack's nature and severity'. This is because understanding the nature and scope of the attack will help to make an informed decision on the necessary actions to mitigate the attack. Disconnecting all user devices from the network or shutting down the entire network could unnecessarily disrupt operations or even aggravate the situation depending on the type of threat. Also, restoring the network from a backup isn't the correct immediate response, as you need to first understand and halt the intrusion before considering restoration actions to ensure that the threat has been thoroughly eliminated.

Correct Answer: Intrusion Detection System (IDS)

The best network monitoring tool for identifying unauthorized access to company resources would be the 'Intrusion Detection System (IDS)'. This tool is specifically designed to recognize suspicious activity on a network which could indicate a breach or unauthorized access. It uses predefined rules to detect anomalies and intrusions in network traffic. 'Syslog' is a standard for message logging and while it can record a wide range of system events, it is not specifically purposed for detecting unauthorized access. 'DHCP logs' record events related to the Dynamic Host Configuration Protocol, primarily dealing with IP address assignments. They are not intended to monitor unauthorized access. A 'Network Bandwidth Analyzer' monitors the amount of data transmitted over a network but it doesn’t specifically identify unauthorized access to the system resources.

Correct Answer: Setup a cloud-based DDoS mitigation service

To mitigate DDoS attacks, the best course of action would be to 'Setup a cloud-based DDoS mitigation service'. These services can absorb the traffic sent during a DDoS attack and prevent it from reaching the server. 'Disabling network monitoring' is incorrect because it would limit visibility into the network and make it even more difficult to respond to DDoS attacks. 'Lowering firewall security settings' would make the server more vulnerable to attack rather than less, hence it is not the correct answer 'Removing intrusion prevention systems' is incorrect as it would make the server even more vulnerable to all types of attacks, not just DDoS.