CompTIA CASP+ (CAS-003) — Question 21
A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company's client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via
SNMP from multiple IP addresses. Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?
Answer options
- A. Install a HIPS on the web servers
- B. Disable inbound traffic from offending sources
- C. Disable SNMP on the web servers
- D. Install anti-DDoS protection in the DMZ
Correct answer: A
Explanation
Implementing a Host Intrusion Prevention System (HIPS) on the web servers is the best approach because it can actively monitor and block malicious activities, including reconnaissance attempts. Disabling inbound traffic from offending sources may temporarily mitigate the issue but does not address the underlying vulnerability. Disabling SNMP could limit legitimate monitoring capabilities, and installing anti-DDoS protection in the DMZ is not specifically aimed at preventing reconnaissance activities.