CompTIA CASP+ (CAS-003) — Question 205
A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?
Answer options
- A. Vulnerability scanner
- B. TPM
- C. Host-based firewall
- D. File integrity monitor
- E. NIPS
Correct answer: C
Explanation
A Host-based firewall can monitor outgoing and incoming traffic, which helps in detecting unauthorized access attempts. While a vulnerability scanner identifies security weaknesses, it does not actively monitor ongoing activities. TPM is for hardware security, and a file integrity monitor focuses on file changes but not on network traffic, making them less effective in this specific scenario.