Back to Secure Network Architecture

Intrusion Detection and Prevention Systems (IDPS)

5 minutes 5 Questions

Intrusion Detection and Prevention Systems (IDPS) are tools that monitor network traffic for abnormal or malicious activity. IDS (Intrusion Detection System) identifies potential threats and generates alerts, while IPS (Intrusion Prevention System) can actively block or quarantine malicious traffic…

Test mode:
Start practice test
CompTIA Security+ - Intrusion Detection and Prevention Systems (IDPS) Example Questions

Test your knowledge of Intrusion Detection and Prevention Systems (IDPS)

Question 1

In setting up a distributed network of intrusion detection sensors, what strategy should be employed to ensure the IDPS can handle high-volume traffic without sacrificing accuracy?

Correct Answer: Implement network-based sensors with load balancing

In setting up a distributed network of intrusion detection sensors (IDPS), the strategy that should be employed to ensure the system can handle high-volume traffic without sacrificing accuracy is to implement network-based sensors with load balancing. Load balancing helps distribute the network traffic load across multiple sensors, preventing any single sensor from becoming a bottleneck. This ensures high availability and maintains performance even under heavy traffic conditions. Deploying host-based sensors on critical endpoints only might not provide a comprehensive view of network traffic and could miss threats on non-critical systems. Using a single, centralized sensor for all traffic analysis is impractical for high-volume networks, as it would likely result in performance bottlenecks and reduced detection capabilities. Configuring all sensors to operate in promiscuous mode would indeed capture all traffic but could overwhelm the sensors with unnecessary data, leading to performance issues and could reduce accuracy due to the sheer volume of traffic being analyzed.

Question 2

An Intrusion Prevention System (IPS) has recently been deployed to a company's network. One day, legitimate traffic from a trusted partner is suddenly being blocked by the IPS, disrupting important operations. What could be done to minimize the likelihood of this happening again?

Correct Answer: Create a whitelist for the trusted partner's IP addresses

Creating a whitelist for the trusted partner's IP addresses ensures the IPS allows their traffic and avoids false-positive blocks. Disabling the IPS, lowering sensitivity or only monitoring specific threats will compromise the overall security. Continuously rebooting the IPS is not a practical solution and switching to an IDS does not prevent the blocking of legitimate traffic.

Question 3

A company has recently implemented a new intrusion detection system (IDS). After a week, the system alerts the security team of a possible intrusion. Upon investigation, there are no signs of unauthorized access, and it turns out to be a false alarm. What could the security team implement to reduce such false-positive alerts in the future?

Correct Answer: Tune the IDS based on network traffic and operations

By tuning the IDS based on network traffic and operations, the security team can better understand normal behavior and set thresholds accordingly, reducing false-positive alerts. Disabling the IDS, ignoring alerts, or blindly updating signatures would compromise the security of the network, and switching to a different vendor may not guarantee a reduction in false positives.

More Intrusion Detection and Prevention Systems (IDPS) questions
14 questions (total)
Start 14 question test